CVSS: 4.6EPSS: 0%CPEs: 22EXPL: 0CVE-2005-1636
https://notcve.org/view.php?id=CVE-2005-1636
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. • http://marc.info/?l=full-disclosure&m=111632686805498&w=2 http://secunia.com/advisories/15369 http://secunia.com/advisories/17080 http://www.mandriva.com/security/advisories?name=MDKSA-2006:045 http://www.redhat.com/support/errata/RHSA-2005-685.html http://www.securityfocus.com/bid/13660 http://www.zataz.net/adviso/mysql-05172005.txt https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3 •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2005-1274
https://notcve.org/view.php?id=CVE-2005-1274
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter. • http://www.idefense.com/application/poi/display?id=236&type=vulnerabilities •
CVSS: 10.0EPSS: 92%CPEs: 10EXPL: 1CVE-2005-0684 – MaxDB WebDBM - GET Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-0684
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c. • https://www.exploit-db.com/exploits/16791 http://dev.mysql.com/doc/maxdb/changes/changes_7.5.00.26.html#WebDAV http://www.idefense.com/application/poi/display?id=234&type=vulnerabilities http://www.idefense.com/application/poi/display?id=235&type=vulnerabilities http://www.securityfocus.com/bid/13368 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0083
https://notcve.org/view.php?id=CVE-2005-0083
MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference. • http://www.idefense.com/application/poi/display?id=218&type=vulnerabilities https://exchange.xforce.ibmcloud.com/vulnerabilities/19687 •
CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 3CVE-2005-0711 – MySQL 4.x - CREATE Temporary TABLE Symlink Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-0711
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. • https://www.exploit-db.com/exploits/25211 http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.debian.org/security/2005/dsa-707 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml http://www.mandriva.com/security/advisories?name=MDKSA&# •