CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2009-4030 – mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098
https://notcve.org/view.php?id=CVE-2009-4030
30 Nov 2009 — MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability... • http://bugs.mysql.com/bug.php?id=32167 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 104EXPL: 1CVE-2009-4028 – mysql: client SSL certificate verification flaw
https://notcve.org/view.php?id=CVE-2009-4028
30 Nov 2009 — The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. La función vio_verify_callback en vio_verify_callback de MySQL v5.0.x anteriores a v5.0.88 y v5.1.x anteriores a v5.1.41,... • http://bugs.mysql.com/47320 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 86EXPL: 2CVE-2008-7247
https://notcve.org/view.php?id=CVE-2008-7247
30 Nov 2009 — sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. sql/sql_table.cc en MySQL v5.0.x hasta la v5.0.88, v5.1.x hasta la v5.1.41, y v6.0 anteriores a v6.0.9-alpha, cuando e... • http://bugs.mysql.com/bug.php?id=39277 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2942
https://notcve.org/view.php?id=CVE-2009-2942
22 Oct 2009 — The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. El mysql-ocaml bindings v1.0.4 para MySQL no soporta adecuadamente la función mysql_real_escape_string, lo que puede permitir a atacantes remotos elevar vulnerabilidades de escape incluyendo codificaciones de caracteres multibyte. • http://secunia.com/advisories/37047 •
CVSS: 8.8EPSS: 17%CPEs: 115EXPL: 3CVE-2009-2446 – MySQL 5.0.75 - 'sql_parse.cc' Multiple Format String Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-2446
13 Jul 2009 — Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de formato de cadena en la función dispatch_command en li... • https://www.exploit-db.com/exploits/33077 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.5EPSS: 4%CPEs: 36EXPL: 2CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0819
05 Mar 2009 — sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expre... • https://www.exploit-db.com/exploits/32838 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2008-4454 – MySQL Quick Admin 1.5.5 - 'cookie' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-4454
06 Oct 2008 — Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Una vulnerabilidad de salto de directorio en el administrador de MySQL EKINdesigns MySQL Quick Admin 1.5.5, permite a atacantes remotos leer y ejecutar archivos arbitrarios a través de un .. (punto punto) en... • https://www.exploit-db.com/exploits/6641 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-4455 – MySQL Quick Admin 1.5.5 - 'cookie' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-4455
06 Oct 2008 — Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie. Una vulnerabilidad de salto de directorio en el fichero index.php del administrador de MySQL EKINdesigns MySQL Quick Admin versiones 1.5.5 anteriores, cuando magic_quotes_gpc está desactivado, permite a atacantes remotos leer y ejecutar archivos arbitrarios a través de un ..... • https://www.exploit-db.com/exploits/6641 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 10%CPEs: 15EXPL: 2CVE-2008-4456 – MySQL 5 - Command Line Client HTML Special Characters HTML Injection
https://notcve.org/view.php?id=CVE-2008-4456
06 Oct 2008 — Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el cliente command-li... • https://www.exploit-db.com/exploits/32445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 52EXPL: 0CVE-2008-4098 – mysql: incomplete upstream fix for CVE-2008-2079
https://notcve.org/view.php?id=CVE-2008-4098
17 Sep 2008 — MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. MySQL anterior a 5.0.67, pe... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •