Page 65 of 361 results (0.006 seconds)

CVSS: 4.6EPSS: 95%CPEs: 38EXPL: 0

Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18.1/SCOSA-2006.18.1.txt http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035845.html http://marc.info/?l=bugtraq&m=112354450412427&w=2 http://secunia.com/advisories/17027 http://secunia.com/advisories/20381 http://secunia.com/advisories/29847 http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1 http://www.appsecinc.com/resources/alerts/mysql/2005-002.html http://www.debian.org/security/ •

CVSS: 4.6EPSS: 0%CPEs: 22EXPL: 0

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. • http://marc.info/?l=full-disclosure&m=111632686805498&w=2 http://secunia.com/advisories/15369 http://secunia.com/advisories/17080 http://www.mandriva.com/security/advisories?name=MDKSA-2006:045 http://www.redhat.com/support/errata/RHSA-2005-685.html http://www.securityfocus.com/bid/13660 http://www.zataz.net/adviso/mysql-05172005.txt https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3 •

CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 1

MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN. • http://bugs.mysql.com/bug.php?id=9148 http://marc.info/?l=bugtraq&m=111091250923281&w=2 http://secunia.com/advisories/14564 •

CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 3

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. • https://www.exploit-db.com/exploits/25211 http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.debian.org/security/2005/dsa-707 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml http://www.mandriva.com/security/advisories?name=MDKSA&# •

CVSS: 4.6EPSS: 96%CPEs: 34EXPL: 2

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function. • https://www.exploit-db.com/exploits/25210 http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=111065974004648&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.debian.org/security/2005/dsa-707 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml •