) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2005-0711 |
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. Published: May 02, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
| CVE-2005-0004 |
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. Published: April 14, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
| CVE-2004-0957 |
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. Published: February 09, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2004-0956 |
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote. Published: January 10, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2004-0835 |
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. Published: November 03, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2004-0836 |
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). Published: November 03, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2004-0837 |
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. Published: November 03, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
| CVE-2004-0457 |
The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files. Published: September 28, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
| CVE-2004-0381 |
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. Published: May 04, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
| CVE-2003-0780 |
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field. Published: September 22, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |