CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2003-1331
https://notcve.org/view.php?id=CVE-2003-1331
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. • http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/1303.html http://bugs.mysql.com/bug.php?id=564 http://www.securityfocus.com/bid/7887 https://exchange.xforce.ibmcloud.com/vulnerabilities/12337 •
CVSS: 4.3EPSS: 0%CPEs: 66EXPL: 3CVE-2003-1480 – MySQL 3.x/4.0.x - Weak Password Encryption
https://notcve.org/view.php?id=CVE-2003-1480
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. • https://www.exploit-db.com/exploits/22565 http://secunia.com/advisories/8753 http://www.securiteam.com/tools/5WP031FA0U.html http://www.securityfocus.com/bid/7500 • CWE-310: Cryptographic Issues •
CVSS: 9.0EPSS: 91%CPEs: 70EXPL: 3CVE-2003-0780 – MySQL 3.23.x/4.0.x - Password Handler Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0780
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field. Desbordamiento de búfer en get_salt_from_password de sql_acl.cc de MySQL 4.0.14 y anteriores, y 3.23.x, permite a atacantes ejecutar código arbitrario mediante un campo de contraseña largo. • https://www.exploit-db.com/exploits/23138 https://www.exploit-db.com/exploits/98 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009819.html http://marc.info/?l=bugtraq&m=106364207129993&w=2 http://marc.info/?l=bugtraq&m=106381424420775&w=2 http://secunia.com/advisories/9709 http://www.debian.org/security/2003/dsa-381 http://www.kb.cert.org/vuls/id/516492 http://www.mandriva •
CVSS: 9.0EPSS: 1%CPEs: 6EXPL: 2CVE-2003-0150 – MySQL 3.23.x - 'mysqld' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2003-0150
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. MySQL 3.23.55 y anteriores crean ficheros escribibles por todos los usuarios y permite a usuarios de MySQL ganar privilegios de root usando el operados "SELECT * INFO OUTFILE" para sobreescribir un fichero de configuración y hacer que mysql corra como root al reiniciar. MySQL versions 5.7.15 and below, 5.6.33 and below, and 5.5.52 and below suffer from remote root code execution and privilege escalation vulnerabilities. • https://www.exploit-db.com/exploits/22340 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 http://marc.info/?l=bugtraq&m=104715840202315&w=2 http://marc.info/?l=bugtraq&m=104739810523433&w=2 http://marc.info/?l=bugtraq&m=104800948128630&w=2 http://marc.info/? •
CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0CVE-2003-0073
https://notcve.org/view.php?id=CVE-2003-0073
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. Vulnerabilidad de doble liberación de memoria (double-free) en mysqld de MySQL anteriores a 3.23.55 permite a atacantes remotos causar una denegación de servicio (caída) mediante mysql_change_user. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 http://marc.info/?l=bugtraq&m=104385719107879&w=2 http://www.debian.org/security/2003/dsa-303 http://www.iss.net/security_center/static/11199.php http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013 http://www.mysql.com/doc/en/News-3.23.55.html http://www.redhat.com/support/errata/RHSA-2003-093.html http://www.redhat.c •