CVSS: 9.0EPSS: 1%CPEs: 6EXPL: 2CVE-2003-0150 – MySQL 3.23.x - 'mysqld' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2003-0150
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. MySQL 3.23.55 y anteriores crean ficheros escribibles por todos los usuarios y permite a usuarios de MySQL ganar privilegios de root usando el operados "SELECT * INFO OUTFILE" para sobreescribir un fichero de configuración y hacer que mysql corra como root al reiniciar. MySQL versions 5.7.15 and below, 5.6.33 and below, and 5.5.52 and below suffer from remote root code execution and privilege escalation vulnerabilities. • https://www.exploit-db.com/exploits/22340 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 http://marc.info/?l=bugtraq&m=104715840202315&w=2 http://marc.info/?l=bugtraq&m=104739810523433&w=2 http://marc.info/?l=bugtraq&m=104800948128630&w=2 http://marc.info/? •
CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0CVE-2003-0073
https://notcve.org/view.php?id=CVE-2003-0073
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. Vulnerabilidad de doble liberación de memoria (double-free) en mysqld de MySQL anteriores a 3.23.55 permite a atacantes remotos causar una denegación de servicio (caída) mediante mysql_change_user. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 http://marc.info/?l=bugtraq&m=104385719107879&w=2 http://www.debian.org/security/2003/dsa-303 http://www.iss.net/security_center/static/11199.php http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013 http://www.mysql.com/doc/en/News-3.23.55.html http://www.redhat.com/support/errata/RHSA-2003-093.html http://www.redhat.c •
CVSS: 7.5EPSS: 1%CPEs: 42EXPL: 0CVE-2002-1923
https://notcve.org/view.php?id=CVE-2002-1923
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. • http://online.securityfocus.com/archive/1/288105 http://www.iss.net/security_center/static/9909.php http://www.securityfocus.com/bid/5513 •
CVSS: 7.5EPSS: 1%CPEs: 42EXPL: 0CVE-2002-1921
https://notcve.org/view.php?id=CVE-2002-1921
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. • http://online.securityfocus.com/archive/1/288105 http://www.iss.net/security_center/static/9908.php http://www.securityfocus.com/bid/5511 •
CVSS: 7.5EPSS: 2%CPEs: 34EXPL: 2CVE-2002-1809 – MySQL 3.20.32/3.22.x/3.23.x - Null Root Password Weak Default Configuration
https://notcve.org/view.php?id=CVE-2002-1809
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. • https://www.exploit-db.com/exploits/21725 http://archives.neohapsis.com/archives/bugtraq/2002-08/0185.html http://www.iss.net/security_center/static/9902.php http://www.securityfocus.com/bid/5503 •