CVSS: 5.5EPSS: 0%CPEs: 75EXPL: 0CVE-2004-0381
https://notcve.org/view.php?id=CVE-2004-0381
06 Apr 2004 — mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. mysqlbug de MySQL pemite a usuarios locales sobreescribir ficheros elgidos arbitrariamente mediante un ataque de enlaces simbólicos sobre el fichero temporal failed-mysql-bugreport • http://marc.info/?l=bugtraq&m=108023246916294&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2003-1331
https://notcve.org/view.php?id=CVE-2003-1331
31 Dec 2003 — Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. • http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/1303.html •
CVSS: 9.1EPSS: 0%CPEs: 66EXPL: 3CVE-2003-1480 – MySQL 3.x/4.0.x - Weak Password Encryption
https://notcve.org/view.php?id=CVE-2003-1480
31 Dec 2003 — MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. • https://www.exploit-db.com/exploits/22565 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 91%CPEs: 70EXPL: 3CVE-2003-0780 – MySQL 3.23.x/4.0.x - Password Handler Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0780
12 Sep 2003 — Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field. Desbordamiento de búfer en get_salt_from_password de sql_acl.cc de MySQL 4.0.14 y anteriores, y 3.23.x, permite a atacantes ejecutar código arbitrario mediante un campo de contraseña largo. • https://www.exploit-db.com/exploits/23138 •
CVSS: 9.8EPSS: 7%CPEs: 6EXPL: 3CVE-2003-0150 – MySQL 3.23.x - 'mysqld' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2003-0150
21 Mar 2003 — MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. MySQL 3.23.55 y anteriores crean ficheros escribibles por todos los usuarios y permite a usuarios de MySQL ganar privilegios de root usando el operados "SELECT * INFO OUTFILE" para sobreescribir un fichero de configuración y hacer que mysql corra ... • https://packetstorm.news/files/id/138678 •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0CVE-2003-0073
https://notcve.org/view.php?id=CVE-2003-0073
19 Feb 2003 — Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. Vulnerabilidad de doble liberación de memoria (double-free) en mysqld de MySQL anteriores a 3.23.55 permite a atacantes remotos causar una denegación de servicio (caída) mediante mysql_change_user. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 •
CVSS: 9.8EPSS: 1%CPEs: 34EXPL: 2CVE-2002-1809 – MySQL 3.20.32/3.22.x/3.23.x - Null Root Password Weak Default Configuration
https://notcve.org/view.php?id=CVE-2002-1809
31 Dec 2002 — The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. • https://www.exploit-db.com/exploits/21725 •
CVSS: 9.1EPSS: 1%CPEs: 42EXPL: 0CVE-2002-1923
https://notcve.org/view.php?id=CVE-2002-1923
31 Dec 2002 — The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. • http://online.securityfocus.com/archive/1/288105 •
CVSS: 9.8EPSS: 1%CPEs: 42EXPL: 0CVE-2002-1921
https://notcve.org/view.php?id=CVE-2002-1921
31 Dec 2002 — The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. • http://online.securityfocus.com/archive/1/288105 •
CVSS: 9.8EPSS: 1%CPEs: 62EXPL: 2CVE-2002-1374 – MySQL 3.23.x/4.0.x - 'COM_CHANGE_USER' Password Length Account
https://notcve.org/view.php?id=CVE-2002-1374
23 Dec 2002 — The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. El comando COM_CHANGE_USER en MySQL 3.x anterirores de 3.23.54 y 4.x anteriores a 4.0.5 permite a atacantes remotos ganar privilegios mediante un ataque de fuerza bruta usando una contraseña de un carácter, lo que hace que MyS... • https://www.exploit-db.com/exploits/22084 •