Filtered by vendor Mysql
Subscribe
Total
112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2468 | 1 Mysql | 1 Eventum | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php. | |||||
| CVE-2006-1517 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 5.0 MEDIUM | N/A |
| sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | |||||
| CVE-2003-0780 | 3 Conectiva, Mysql, Oracle | 3 Linux, Mysql, Mysql | 2025-04-03 | 9.0 HIGH | N/A |
| Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field. | |||||
| CVE-2004-0628 | 1 Mysql | 1 Mysql | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string. | |||||
| CVE-2005-1636 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.6 MEDIUM | N/A |
| mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. | |||||
| CVE-2003-1480 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.3 MEDIUM | N/A |
| MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. | |||||
| CVE-2005-2573 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 5.0 MEDIUM | N/A |
| The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character. | |||||
| CVE-2004-0931 | 1 Mysql | 1 Maxdb | 2025-04-03 | 5.0 MEDIUM | N/A |
| MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function. | |||||
| CVE-2006-3081 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.0 MEDIUM | N/A |
| mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. | |||||
| CVE-2006-4226 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 3.6 LOW | N/A |
| MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. | |||||
| CVE-2006-4031 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 2.1 LOW | N/A |
| MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. | |||||
| CVE-2006-4305 | 2 Mysql, Sap-db | 2 Maxdb, Sap-db | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. | |||||