CVSS: 4.0EPSS: 92%CPEs: 25EXPL: 1CVE-2006-3469 – MySQL 4.x/5.x - Server Date_Format Denial of Service
https://notcve.org/view.php?id=CVE-2006-3469
Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message. Vulnerabilidad de cadena de formato en time.cc de MySQL Server 4.1 anterior a 4.1.21 y 5.0 anterior al 1 de abril de 2006 permite a usuarios autenticados remotamente provocar una denegación de servicio (caída) mediante una cadena de formato en lugar de una fecha como el primer parámetro para la función date_format, la cual es posteriormente utilizada en una llamada de escritura formateada para mostrar el mensaje de error. • https://www.exploit-db.com/exploits/28234 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 http://bugs.mysql.com/bug.php?id=20729 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://secunia.com/advisories/21147 http://secunia.com/advisories/21366 http://secunia.com/advisories/24479 http://secunia.com/advisories/31226& • CWE-134: Use of Externally-Controlled Format String •
CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 0CVE-2006-3486
https://notcve.org/view.php?id=CVE-2006-3486
Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability ** IMPUGNADA ** Desbordamiento de búfer por superación del límite en la función Instance_options::complete_initialization de instance_options.cc en el Instance Manager de MySQL antes de 5.0.23 y 5.1 antes de 5.1.12 podría permitir a usuarios locales provocar una denegación de servicio (caída de aplicación) mediante vectores sin especificar, lo que dispara el desbordamiento cuando se llama a la función convert_dirname. NOTA: el fabricante ha impugnado este problema por email a CVE, diciendo que solamente es explotable cuando el usuario tiene acceso al archivo de configuración o al demonio Instance Manager. Debido a su funcionalidad prevista, este nivel de acceso ya permitiría al usuario interrumpir la operación del programa, por lo cual esto no transpasa los límites de seguridad y no es una vulnerabilidad. • http://bugs.mysql.com/bug.php?id=20622 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html http://www.vupen.com/english/advisories/2006/2700 https://exchange.xforce.ibmcloud.com/vulnerabilities/27635 • CWE-189: Numeric Errors •
CVSS: 4.0EPSS: 1%CPEs: 14EXPL: 2CVE-2006-3081 – MySQL Server 4/5 - Str_To_Date Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-3081
mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. mysqld en MySQL v4.1.x antes de v4.1.18, v5.0.x antes de v5.0.19, y v5.1.x antes de v5.1.6 permite causar una denegación de servicio (caída del demonio) a usuarios remotos autorizados a través de un segundo argumento nulo para la función STR_TO_DATE. • https://www.exploit-db.com/exploits/28026 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913 http://bugs.mysql.com/bug.php?id=15828 http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html http://secunia.com/advisories/19929 http://secunia.com/advisories/20832 http://secunia.com/advisories/20871 http://secunia.com/advisories/24479 http:&#x •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2006-2753
https://notcve.org/view.php?id=CVE-2006-2753
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735 http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.mysql.com/announce/364 http://secunia.com/advisories/20365 http://secunia.com/advisories/20489 http://secunia.com/advisories/20531 http://secunia.com/advisories/20541 http://secunia.com/advisories/20562 http://secunia.com/advisories/20625 http://secunia.com/advisories/20712 http:&# •
CVSS: 5.0EPSS: 37%CPEs: 71EXPL: 0CVE-2006-1517
https://notcve.org/view.php?id=CVE-2006-1517
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html http://secunia.com/advisories/19929 http://secunia.com/advisories/20002 http://secunia.com/advisories/20073 http://secunia.com/advisories/20076 http://secun •