CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mysql » Mysql » 3.23.49 : Security Vulnerabilities

Cpe Name:cpe:/a:mysql:mysql:3.23.49
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-3177 2012-10-16 2017-08-28
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
2 CVE-2012-3166 2012-10-16 2014-02-20
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
3 CVE-2012-3160 2012-10-16 2017-08-28
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
4 CVE-2012-1697 2012-05-03 2017-12-06
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
5 CVE-2012-1696 2012-05-03 2018-10-30
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
6 CVE-2006-4031 2006-08-09 2017-10-10
2.1
None Local Low Not required Partial None None
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
7 CVE-2006-0903 Bypass 2006-02-27 2018-10-03
4.6
User Local Low Not required Partial Partial Partial
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
8 CVE-2005-0711 2005-05-02 2018-10-03
2.1
None Local Low Not required None Partial None
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
9 CVE-2005-0710 Bypass 2005-05-02 2018-10-03
4.6
User Local Low Not required Partial Partial Partial
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
10 CVE-2005-0709 94 Exec Code 2005-05-02 2018-10-03
4.6
User Local Low Not required Partial Partial Partial
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
11 CVE-2004-0957 2005-02-09 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
12 CVE-2004-0381 2004-05-04 2017-10-10
2.1
None Local Low Not required None Partial None
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
13 CVE-2003-1480 310 2003-12-31 2008-09-05
4.3
None Remote Medium Not required Partial None None
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
14 CVE-2003-0780 Exec Code Overflow 2003-09-22 2016-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
15 CVE-2002-1923 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
16 CVE-2002-1921 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
17 CVE-2002-1809 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
18 CVE-2002-1376 DoS Exec Code 2002-12-23 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
19 CVE-2002-1375 Exec Code 2002-12-23 2017-10-09
7.5
User Remote Low Not required Partial Partial Partial
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
20 CVE-2002-1374 +Priv 2002-12-23 2017-10-09
7.5
User Remote Low Not required Partial Partial Partial
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
21 CVE-2002-1373 DoS 2002-12-23 2018-05-02
5.0
None Remote Low Not required None None Partial
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
22 CVE-2002-0969 Exec Code Overflow 2002-10-11 2016-10-17
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
Total number of vulnerabilities : 22   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.