Searching mysql software vulnerabilities


A database service is running, e.g. a SQL server, Oracle, or MySQL.


Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.


WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unauthorized access to the MySQL database.


Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.


MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.


Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.


Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.


The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.


MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.


Stack-based buffer overflow in the mysql_real_connect function in the MySQL client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.


The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.


The mysqlhotcopy script in MySQL 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.


The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.


SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter.


mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.


MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.


MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.


Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql.


Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string.


The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.


Software vulnerabilities results 1 to 20 of 131     