CVSS: 9.8EPSS: 9%CPEs: 34EXPL: 2CVE-2002-1809 – MySQL 3.20.32/3.22.x/3.23.x - Null Root Password Weak Default Configuration
https://notcve.org/view.php?id=CVE-2002-1809
31 Dec 2002 — The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. • https://www.exploit-db.com/exploits/21725 •
CVSS: 9.8EPSS: 0%CPEs: 42EXPL: 0CVE-2002-1921
https://notcve.org/view.php?id=CVE-2002-1921
31 Dec 2002 — The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. • http://online.securityfocus.com/archive/1/288105 •
CVSS: 9.1EPSS: 0%CPEs: 42EXPL: 0CVE-2002-1923
https://notcve.org/view.php?id=CVE-2002-1923
31 Dec 2002 — The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. • http://online.securityfocus.com/archive/1/288105 •
CVSS: 7.5EPSS: 3%CPEs: 47EXPL: 0CVE-2002-1373
https://notcve.org/view.php?id=CVE-2002-1373
23 Dec 2002 — Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. Vulnerabilidad de enteros con signo en el paquete COM_TABLE_DUMP de MySQL 3.23.x anteriores a 3.23.54 permite a atacantes remotos causar una denegación de servicio (caída o cuelge) en mysqld proveyendo a una llamada a memcpy() con enteros negativos grandes. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 •
CVSS: 9.8EPSS: 25%CPEs: 62EXPL: 2CVE-2002-1374 – MySQL 3.23.x/4.0.x - 'COM_CHANGE_USER' Password Length Account
https://notcve.org/view.php?id=CVE-2002-1374
23 Dec 2002 — The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. El comando COM_CHANGE_USER en MySQL 3.x anterirores de 3.23.54 y 4.x anteriores a 4.0.5 permite a atacantes remotos ganar privilegios mediante un ataque de fuerza bruta usando una contraseña de un carácter, lo que hace que MyS... • https://www.exploit-db.com/exploits/22084 •
CVSS: 9.8EPSS: 15%CPEs: 62EXPL: 1CVE-2002-1375 – MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption
https://notcve.org/view.php?id=CVE-2002-1375
23 Dec 2002 — The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. El comando COM_CHANGE_USER en MySQL 3.x anteriores a 2.23.54 y 4.x anterior a 4.0.6 permite a atacantes remotos ejecutar código arbitrario mediante una respuesta larga. • https://www.exploit-db.com/exploits/22085 •
CVSS: 9.8EPSS: 3%CPEs: 62EXPL: 0CVE-2002-1376
https://notcve.org/view.php?id=CVE-2002-1376
17 Dec 2002 — libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. La librería de cliente libmysqlclient en MySQL 3.x a 3.23.54 y 4.x a 4.06, no verifica adecuadamente longitudes de campos de ciertas respuestas en las rutinas read_rows o read_one_row, lo que permite a a atacantes remotos causar un... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2002-0969
https://notcve.org/view.php?id=CVE-2002-0969
11 Oct 2002 — Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group. Desbordamiento de búfer en MySQL anteriores a 3.23.50, y 4.0 beta anteriores a 4.02 sobre Windows, y posiblemente otras plataformas, permite a usuarios locales ejecutar código arbitrario mediante un parámetro datadir largo e... • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2001-1255
https://notcve.org/view.php?id=CVE-2001-1255
02 Oct 2001 — WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database. • http://online.securityfocus.com/archive/1/217848 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2001-0407 – MySQL 3.20.32 a/3.23.34 - Root Operation Symbolic Link File Overwriting
https://notcve.org/view.php?id=CVE-2001-0407
27 Jun 2001 — Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). • https://www.exploit-db.com/exploits/20718 •