Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:mysql:mysql:4.1.13:a:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-2753 |
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. Published: June 01, 2006; 1:02:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-1516 |
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. Published: May 05, 2006; 8:46:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-1517 |
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. Published: May 05, 2006; 8:46:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-0903 |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. Published: February 27, 2006; 6:02:00 PM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |