CVE-2005-0711 – MySQL 4.x - CREATE Temporary TABLE Symlink Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-0711
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. • https://www.exploit-db.com/exploits/25211 http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.debian.org/security/2005/dsa-707 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml http://www.mandriva.com/security/advisories?name=MDKSA •
CVE-2005-0710 – MySQL 4.x - CREATE FUNCTION mysql.func Table Arbitrary Library Injection
https://notcve.org/view.php?id=CVE-2005-0710
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function. • https://www.exploit-db.com/exploits/25210 http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=111065974004648&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.debian.org/security/2005/dsa-707 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml •
CVE-2005-0709 – MySQL 4.x - CREATE FUNCTION Arbitrary libc Code Execution
https://notcve.org/view.php?id=CVE-2005-0709
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit. • https://www.exploit-db.com/exploits/25209 http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=111066115808506&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.debian.org/security/2005/dsa-707 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2005-0004
https://notcve.org/view.php?id=CVE-2005-0004
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. El script mysqlaccess de MySQL 4.0.23 y anteriores, 4.1.x anteriores a 4.1.10, 5.0.x anteriores a 5.0.3, y otras versiones incluyendo 3.x permite a usuarios locales sobreescribir ficheros arbitrariamente o leer ficheros temporales mediante un enlace de enlaces simbólicos (symlink) en ficheros temporales. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 http://lists.mysql.com/internals/20600 http://marc.info/?l=bugtraq&m=110608297217224&w=2 http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html http://secunia.com/advisories/13867 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.debian.org/security/2005/dsa-647 http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 http://www.securityfocus.com/bid/12277 https: • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2004-0956
https://notcve.org/view.php?id=CVE-2004-0956
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote. MySQL anteriores a 4.0.20 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante una consulta MATCH AGAINST con comillas dobles iniciales pero sin comillas dobles de cierre. • http://bugs.mysql.com/bug.php?id=3870 http://lists.mysql.com/packagers/202 http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml http://www.novell.com/linux/security/advisories/2004_01_sr.html http://www.trustix.net/errata/2004/0054 https://exchange.xforce.ibmcloud.com/vulnerabilities/17768 •