
CVSS: 5.8 | EPSS: 1% | CPEs: 8 | EXPL: 9

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.

https://www.exploit-db.com/exploits/26056
https://www.exploit-db.com/exploits/26057
https://www.exploit-db.com/exploits/26058
http://lists.mysql.com/eventum-users/2072
http://marc.info/?l=bugtraq&m=112292193807958&w=2
http://secunia.com/advisories/16304
http://securitytracker.com/id?1014603
http://www.gulftech.org/?node=research&article_id=00093-07312005
http://www.osvdb.org/18400
http://www.osvdb.org/18401
http://www.osvdb.org/18402
http://www.securityfoc

CVSS: 6.4 | EPSS: 0% | CPEs: 8 | EXPL: 8

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.

https://www.exploit-db.com/exploits/1134
http://lists.mysql.com/eventum-users/2072
http://marc.info/?l=bugtraq&m=112292193807958&w=2
http://secunia.com/advisories/16304
http://securitytracker.com/id?1014603
http://www.gulftech.org/?node=research&article_id=00093-07312005
http://www.osvdb.org/18403
http://www.osvdb.org/18404
http://www.osvdb.org/18405
http://www.osvdb.org/18406
http://www.securityfocus.com/bid/14437
http://www.vupen.com/english/advisories&

CVSS: 5.0 | EPSS: 2% | CPEs: 9 | EXPL: 0

Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call.

http://secunia.com/advisories/18598
http://secunia.com/advisories/20690
http://sourceforge.net/forum/forum.php?forum_id=499394
http://sourceforge.net/tracker/index.php?func=detail&aid=1256243&group_id=5741&atid=305741
http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml
http://www.securityfocus.com/bid/16564
http://www.vupen.com/english/advisories/2006/0490

CVSS: 5.0 | EPSS: 0% | CPEs: 38 | EXPL: 0

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.

http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035847.html
http://marc.info/?l=bugtraq&m=112360618320729&w=2
http://mysql.bkbits.net:8080/mysql-4.0/cset%40428b981bg2iwh3CbGANDaF-W6DbttA
http://mysql.bkbits.net:8080/mysql-4.0/gnupatch%40428b981bg2iwh3CbGANDaF-W6DbttA
http://www.appsecinc.com/resources/alerts/mysql/2005-001.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/21738

CVSS: 4.6 | EPSS: 95% | CPEs: 38 | EXPL: 0

Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18.1/SCOSA-2006.18.1.txt
http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035845.html
http://marc.info/?l=bugtraq&m=112354450412427&w=2
http://secunia.com/advisories/17027
http://secunia.com/advisories/20381
http://secunia.com/advisories/29847
http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1
http://www.appsecinc.com/resources/alerts/mysql/2005-002.html
http://www.debian.org/security/