CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2007-2693
https://notcve.org/view.php?id=CVE-2007-2693
16 May 2007 — MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement. MySQL anterior a 5.1.18 permite a usuarios autenticados remotamente sin privilegios SELECT obtener información sensible desde tablas particionadas mediante una sentencia ALTER TABLE. • http://bugs.mysql.com/bug.php?id=23675 •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 3CVE-2007-1420 – MySQL 5.0.x - Single Row SubSelect Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1420
12 Mar 2007 — MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. MySQL versión 5.x anterior a 5.0.36, permite a los usuarios locales causar una denegación de servicio (bloqueo de base de datos) al realizar subselecciones de la tabla information_schema y utilizar ORDE... • https://www.exploit-db.com/exploits/29724 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2006-7232 – mysql: daemon crash via EXPLAIN on queries on information schema
https://notcve.org/view.php?id=CVE-2006-7232
31 Dec 2006 — sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. sql_select.cc en MySQL 5.0.x anterior a 5.0.32 y 5.1.x anterior a 5.1.14 permite a usuarios autenticados remotamente provocar una denegación de servicio (caída) mediante un EXPLAIN SELECT FROM en la tabla INFORMATION_SCHEMA como se ha demostrado utilizando ORDER BY. • http://bugs.mysql.com/bug.php?id=22413 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-4380
https://notcve.org/view.php?id=CVE-2006-4380
28 Aug 2006 — MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. MySQL anterior a 4.1.13 permite a un usuario local provocar denegación de servicio (caida de esclavo de replicación persistente)a través de una consulta con multiacutalizaciones y subselecciones. • http://bugs.mysql.com/10442 •
CVSS: 9.8EPSS: 1%CPEs: 95EXPL: 3CVE-2006-4226 – mysql-server create database privilege escalation
https://notcve.org/view.php?id=CVE-2006-4226
18 Aug 2006 — MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. MySQL anteriores a 4.1.21, 5.0 anterior a 5.0.25, y 5.1 anteriores a 5.1.12, cuando se ejecutan en sistemas de fichero sensibles al uso de mayúsculas o minúscular, permite a usuarios autenticados remotamente crear o acceder a una base de datos cuando ... • http://bugs.mysql.com/bug.php?id=17647 •
CVSS: 8.8EPSS: 12%CPEs: 12EXPL: 3CVE-2006-4227 – MySQL 4/5 - SUID Routine Miscalculation Arbitrary DML Statement Execution
https://notcve.org/view.php?id=CVE-2006-4227
18 Aug 2006 — MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. MySQL anterior a 5.0.25 y 5.1 anterior a 5.1.12 evalúa los argumentos de rutinas suid en el contexto de seguridad del creador de la rutina en lugar del de aquel que llama a la rutina, lo que permite a usuarios autenticados r... • https://www.exploit-db.com/exploits/28398 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 151EXPL: 1CVE-2006-4031 – MySQL improper permission revocation
https://notcve.org/view.php?id=CVE-2006-4031
09 Aug 2006 — MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. MySQL 4.1 anterior a 4.1.21 y 5.0 anterior a 5.0.24 permite a usuarios locales acceder a una tabla a través de una tabla MERGE previamente creada, incluso después de que los privilegios del usuario han sido revocados para la tabla original, lo cual podría violar la polít... • http://bugs.mysql.com/bug.php?id=15195 •
CVSS: 6.5EPSS: 56%CPEs: 25EXPL: 1CVE-2006-3469 – MySQL 4.x/5.x - Server Date_Format Denial of Service
https://notcve.org/view.php?id=CVE-2006-3469
18 Jul 2006 — Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message. Vulnerabilidad de cadena de formato en time.cc de MySQL Server 4.1 anterior a 4.1.21 y 5.0 anterior al 1 de abril de 2006 permite a usuarios autenticados remotamente provocar... • https://www.exploit-db.com/exploits/28234 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2006-3486
https://notcve.org/view.php?id=CVE-2006-3486
10 Jul 2006 — Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Ma... • http://bugs.mysql.com/bug.php?id=20622 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 9%CPEs: 14EXPL: 2CVE-2006-3081 – MySQL Server 4/5 - Str_To_Date Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-3081
19 Jun 2006 — mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. mysqld en MySQL v4.1.x antes de v4.1.18, v5.0.x antes de v5.0.19, y v5.1.x antes de v5.1.6 permite causar una denegación de servicio (caída del demonio) a usuarios remotos autorizados a través de un segundo argumento nulo para la función STR_TO_DATE. • https://www.exploit-db.com/exploits/28026 •