MySQL vulnerabilities

Showing 551 - 573 of 573 CVEs

  1. CVE-2003-1480 Published Dec 31, 2003

    MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

  2. CVE-2003-1331 Published Dec 31, 2003

    Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

  3. CVE-2003-0780 Published Sep 22, 2003

    Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

  4. CVE-2003-0150 Published Mar 24, 2003

    MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

  5. CVE-2003-0073 Published Feb 19, 2003

    Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

  6. CVE-2002-1923 Published Dec 31, 2002

    The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

  7. CVE-2002-1921 Published Dec 31, 2002

    The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.

  8. CVE-2002-1809 Published Dec 31, 2002

    The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.

  9. CVE-2002-1376 Published Dec 23, 2002

    libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  10. CVE-2002-1375 Published Dec 23, 2002

    The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

  11. CVE-2002-1374 Published Dec 23, 2002

    The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

  12. CVE-2002-1373 Published Dec 23, 2002

    Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

  13. CVE-2002-0969 Published Oct 11, 2002

    Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

  14. CVE-2001-1255 Published Oct 2, 2001

    WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.

  15. CVE-2001-0407 Published Jun 27, 2001

    Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

  16. CVE-2001-1454 Published Feb 9, 2001

    Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.

  17. CVE-2001-1453 Published Feb 9, 2001

    Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.

  18. CVE-2001-1274 Published Jan 23, 2001

    Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

  19. CVE-2001-1275 Published Jan 19, 2001

    MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

  20. CVE-2000-0981 Published Dec 19, 2000

    MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.

  21. CVE-2000-0148 Published Feb 8, 2000

    MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

  22. CVE-2000-0045 Published Jan 11, 2000

    MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

  23. CVE-1999-1188 Published Dec 27, 1998

    mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.