Show filters
48 Total Results
Displaying 41-48 of 48
Sort by:
Attacker Value
Unknown

CVE-2006-1517

Disclosure Date: May 05, 2006 (last updated October 04, 2023)
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
0
Attacker Value
Unknown

CVE-2006-1516

Disclosure Date: May 05, 2006 (last updated October 04, 2023)
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
0
Attacker Value
Unknown

CVE-2006-1518

Disclosure Date: May 05, 2006 (last updated October 04, 2023)
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
0
Attacker Value
Unknown

CVE-2006-0903

Disclosure Date: February 27, 2006 (last updated February 22, 2025)
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
0
Attacker Value
Unknown

CVE-2006-0369

Disclosure Date: January 22, 2006 (last updated February 22, 2025)
MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access
0
Attacker Value
Unknown

CVE-2005-2558

Disclosure Date: August 16, 2005 (last updated February 22, 2025)
Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
0
Attacker Value
Unknown

CVE-2005-2573

Disclosure Date: August 16, 2005 (last updated February 22, 2025)
The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
0
Attacker Value
Unknown

CVE-2005-1636

Disclosure Date: May 17, 2005 (last updated February 22, 2025)
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
0