Lucene search

K
OracleMysql4.0.4

17 matches found

CVE
CVE
added 2009/07/13 5:30 p.m.734 views

CVE-2009-2446

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a databas...

8.5CVSS9.4AI score0.11194EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.94 views

CVE-2005-0710

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.

4.6CVSS9.2AI score0.27055EPSS
CVE
CVE
added 2003/09/22 4:0 a.m.79 views

CVE-2003-0780

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

9CVSS7.4AI score0.70046EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.73 views

CVE-2005-0709

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

4.6CVSS9.3AI score0.3706EPSS
CVE
CVE
added 2005/05/17 4:0 a.m.73 views

CVE-2005-1636

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.

4.6CVSS7AI score0.00022EPSS
CVE
CVE
added 2006/05/05 12:46 p.m.72 views

CVE-2006-1516

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.

5CVSS7.8AI score0.622EPSS
CVE
CVE
added 2006/02/27 11:2 p.m.70 views

CVE-2006-0903

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_qu...

4.6CVSS6.3AI score0.00236EPSS
CVE
CVE
added 2006/05/05 12:46 p.m.70 views

CVE-2006-1517

sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.

5CVSS7.6AI score0.03978EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.69 views

CVE-2005-0711

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

2.1CVSS8.6AI score0.0034EPSS
CVE
CVE
added 2006/08/18 8:4 p.m.69 views

CVE-2006-4226

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

3.6CVSS7.6AI score0.00563EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.65 views

CVE-2004-0956

MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.

5CVSS6.1AI score0.01048EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.63 views

CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

6.8CVSS5.9AI score0.00386EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.63 views

CVE-2005-2558

Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.

4.6CVSS7.3AI score0.05071EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.62 views

CVE-2004-0381

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

2.1CVSS5.8AI score0.00132EPSS
CVE
CVE
added 2006/08/09 10:4 p.m.62 views

CVE-2006-4031

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

2.1CVSS7.8AI score0.00263EPSS
CVE
CVE
added 2012/05/03 10:55 p.m.60 views

CVE-2012-1696

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.2AI score0.00759EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.59 views

CVE-2005-2573

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash () character.

5CVSS6.6AI score0.00507EPSS