CVE Daily
← All tags

Tag: MySQL

All CVEs associated with "MySQL". Page 19/20 • 2289 CVEs.

Subscribe CVEs: RSS for “MySQL”  ·  RSS (High+Critical only)

About “MySQL”

A curated feed of “MySQL”-related CVEs appears below. We currently track 2289 CVEs for this tag (all time). In the last 365 days, 184 were published. Average CVSS is 5.6 (all time; 6.4 over 365d), and 20% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-284 - Improper Access Control.

In our taxonomy this topic maps to a MODERATE impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2006-11-04
Medium

CVE-2006-5702

Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-ar…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2006-11-03
Critical

CVE-2006-5675

Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for secu…

CVSS: 10.0 CWE: N/A View on NVD
2006-10-03
Medium

CVE-2006-5127

Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2…

CVSS: 6.8 CWE: N/A View on NVD
2006-09-29
High

CVE-2006-5079

PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir paramet…

CVSS: 7.5 CWE: N/A View on NVD
2006-09-28
Medium

CVE-2006-5065

PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in th…

CVSS: 5.1 CWE: N/A View on NVD
2006-09-27
Medium

CVE-2006-5027

Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysql.i…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-5029

SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue m…

CVSS: 7.5 CWE: N/A View on NVD
2006-09-25
Medium

CVE-2006-4976

The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc…

CVSS: 5.0 CWE: N/A View on NVD
2006-09-15
Medium

CVE-2006-4835

Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.p…

CVSS: 5.0 CWE: N/A View on NVD
2006-08-28
Low

CVE-2006-4380

MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.

CVSS: 2.1 CWE: N/A View on NVD
2006-08-21
High

CVE-2006-4276

PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-4277

Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class…

CVSS: 7.5 CWE: N/A View on NVD
2006-08-18
Low

CVE-2006-4226

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs…

CVSS: 3.6 CWE: N/A View on NVD
Medium

CVE-2006-4227

MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated user…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2006-08-09
Low

CVE-2006-4031

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, whic…

CVSS: 2.1 CWE: N/A View on NVD
2006-08-01
High

CVE-2006-3963

Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2)…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-3964

PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-3965

Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database userna…

CVSS: 5.0 CWE: N/A View on NVD
2006-07-27
Low

CVE-2006-3878

Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by m…

CVSS: 2.1 CWE: N/A View on NVD
2006-07-21
Medium

CVE-2006-3469

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead…

CVSS: 4.0 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-07-10
Low

CVE-2006-3486

Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local user…

CVSS: 2.1 CWE: CWE-189 View on NVD
2006-06-30
High

CVE-2006-3329

SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-3330

Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field),…

CVSS: 6.8 CWE: N/A View on NVD
2006-06-19
Medium

CVE-2006-3081

mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date func…

CVSS: 4.0 CWE: N/A View on NVD
2006-06-01
High

CVE-2006-2753

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-2742

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) da…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-2748

SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2006-2750

Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts o…

CVSS: 4.3 CWE: N/A View on NVD
2006-05-23
Medium

CVE-2006-2543

Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php.

CVSS: 5.1 CWE: N/A View on NVD
2006-05-12
High

CVE-2006-1451

MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be…

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2006-2329

AngelineCMS 0.6.5 and earlier allow remote attackers to obtain sensitive information via a direct request for (1) adodb-access.inc.php, (2) adodb-ado.inc.php, (3) adodb-ado_access.inc, (4) adodb-ado_…

CVSS: 5.0 CWE: N/A View on NVD
2006-05-09
High

CVE-2006-2042

Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.

CVSS: 7.5 CWE: N/A View on NVD
2006-05-05
Medium

CVE-2006-1516

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trail…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1517

sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet leng…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1518

Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length val…

CVSS: 6.5 CWE: N/A View on NVD
2006-04-20
Medium

CVE-2006-1930

Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date paramete…

CVSS: 6.4 CWE: N/A View on NVD
2006-03-26
High

CVE-2006-1395

SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Board allows remote attackers to execute arbitrary SQL commands via unspecified vectors in a showmessage action, possibly the usern…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1396

Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Based Message Board allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of thi…

CVSS: 4.3 CWE: N/A View on NVD
2006-03-21
Medium

CVE-2006-1324

Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter w…

CVSS: 6.8 CWE: N/A View on NVD
2006-03-14
High

CVE-2006-1210

The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1211

IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Ne…

CVSS: 7.5 CWE: N/A View on NVD
2006-03-09
High

CVE-2006-1111

Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1112

Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message.

CVSS: 5.0 CWE: N/A View on NVD
2006-02-28
Medium

CVE-2006-0909

Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including…

CVSS: 5.0 CWE: N/A View on NVD
2006-02-27
Medium

CVE-2006-0903

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this…

CVSS: 4.6 CWE: N/A View on NVD
2006-02-15
High

CVE-2006-0692

Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2006-02-13
High

CVE-2006-0056

Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-01-22
Low

CVE-2006-0369

MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: th…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2006-01-13
Critical

CVE-2006-0200

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL…

CVSS: 9.3 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2006-01-09
High

CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2006-01-06
High

CVE-2006-0097

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2)…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2005-12-31
Medium

CVE-2005-2467

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2005-2468

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.aut…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2005-4626

The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive informat…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4661

The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4713

Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecifie…

CVSS: 5.0 CWE: N/A View on NVD
2005-12-14
Medium

CVE-2005-4237

Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword…

CVSS: 4.3 CWE: N/A View on NVD
2005-09-08
High

CVE-2005-2865

Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.ph…

CVSS: 7.5 CWE: N/A View on NVD
2005-08-16
Medium

CVE-2005-2558

Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions…

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2005-2571

FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the databa…

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2005-2572

MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1)…

CVSS: 8.5 CWE: N/A View on NVD
Medium

CVE-2005-2573

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traver…

CVSS: 5.0 CWE: N/A View on NVD
2005-07-08
Low

CVE-2005-2174

Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access info…

CVSS: 2.6 CWE: N/A View on NVD
2005-05-17
Medium

CVE-2005-1636

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitra…

CVSS: 4.6 CWE: N/A View on NVD
2005-05-02
Medium

CVE-2005-0083

MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_St…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-0646

SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-0709

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demon…

CVSS: 4.6 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2005-0710

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSE…

CVSS: 4.6 CWE: N/A View on NVD
Low

CVE-2005-0711

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary fi…

CVSS: 2.1 CWE: N/A View on NVD
Medium

CVE-2005-1121

Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attacke…

CVSS: 5.0 CWE: N/A View on NVD
2005-04-26
Critical

CVE-2005-1274

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a…

CVSS: 10.0 CWE: N/A View on NVD
2005-04-25
Critical

CVE-2005-0684

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%…

CVSS: 10.0 CWE: N/A View on NVD
2005-04-14
Medium

CVE-2005-0004

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files…

CVSS: 4.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2005-0081

MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0082

The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler…

CVSS: 5.0 CWE: N/A View on NVD
2005-03-15
Medium

CVE-2005-0799

MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such a…

CVSS: 5.0 CWE: N/A View on NVD
2005-02-09
Medium

CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar name…

CVSS: 6.8 CWE: N/A View on NVD
2005-01-13
High

CVE-2005-0111

Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter.

CVSS: 7.5 CWE: N/A View on NVD
2005-01-10
Medium

CVE-2004-0956

MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2004-1228

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation…

CVSS: 6.4 CWE: N/A View on NVD
2004-12-31
Medium

CVE-2004-0931

MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in t…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2004-2149

Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2004-2354

SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-s…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-2357

The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.

CVSS: 6.4 CWE: N/A View on NVD
Low

CVE-2004-2398

Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the f…

CVSS: 2.1 CWE: N/A View on NVD
High

CVE-2004-2632

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

CVSS: 7.5 CWE: N/A View on NVD
2004-12-06
Critical

CVE-2004-0627

The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2004-0628

Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.

CVSS: 10.0 CWE: N/A View on NVD
2004-11-03
High

CVE-2004-0835

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME opera…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2004-0836

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2004-0837

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

CVSS: 2.6 CWE: N/A View on NVD
2004-09-28
Medium

CVE-2004-0457

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS: 4.6 CWE: N/A View on NVD
2004-06-01
Low

CVE-2004-0388

The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.

CVSS: 2.1 CWE: N/A View on NVD
2004-05-04
Low

CVE-2004-0381

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

CVSS: 2.1 CWE: N/A View on NVD
2003-12-31
Medium

CVE-2003-1331

Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a d…

CVSS: 4.0 CWE: N/A View on NVD
High

CVE-2003-1383

WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.

CVSS: 7.5 CWE: CWE-264 View on NVD
Medium

CVE-2003-1421

Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors.

CVSS: 4.3 CWE: CWE-399 View on NVD
Medium

CVE-2003-1480

MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

CVSS: 4.3 CWE: CWE-310 View on NVD
2003-09-22
Critical

CVE-2003-0780

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

CVSS: 9.0 CWE: N/A View on NVD
2003-08-18
High

CVE-2003-0515

SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges.

CVSS: 7.5 CWE: N/A View on NVD
2003-04-22
Medium

CVE-2002-1479

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly g…

CVSS: 4.6 CWE: N/A View on NVD
2003-03-24
Critical

CVE-2003-0150

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql…

CVSS: 9.0 CWE: N/A View on NVD
2003-02-19
Medium

CVE-2003-0073

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

CVSS: 5.0 CWE: N/A View on NVD
2002-12-31
High

CVE-2002-1809

The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL data…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2002-1921

The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2002-1923

The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2002-1952

phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occu…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2002-2043

SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail user…

CVSS: 7.5 CWE: N/A View on NVD
2002-12-23
Medium

CVE-2002-1373

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative int…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2002-1374

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL t…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2002-1375

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2002-1376

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows r…

CVSS: 7.5 CWE: N/A View on NVD
2002-10-11
High

CVE-2002-0969

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini ini…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2002-05-16
High

CVE-2002-0229

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCA…

CVSS: 7.5 CWE: N/A View on NVD
2001-12-25
Medium

CVE-2001-1226

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.

CVSS: 5.0 CWE: N/A View on NVD
2001-10-02
Medium

CVE-2001-1255

WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.

CVSS: 4.6 CWE: N/A View on NVD
2001-09-20
High

CVE-2001-0645

Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC fr…

CVSS: 7.5 CWE: N/A View on NVD
2001-09-04
Medium

CVE-2001-0990

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL usernam…

CVSS: 4.6 CWE: N/A View on NVD
2001-06-27
Medium

CVE-2001-0407

Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

CVSS: 4.6 CWE: N/A View on NVD
2001-02-09
High

CVE-2001-1453

Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.

CVSS: 7.5 CWE: N/A View on NVD