Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a β¦ (dot dot) in a table name.
bugs.mysql.com/bug.php?id=53371
dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.mysql.com/commits/107532
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
securitytracker.com/id?1024031
support.apple.com/kb/HT4435
www.mandriva.com/security/advisories?name=MDVSA-2010:107
www.redhat.com/support/errata/RHSA-2010-0442.html
www.redhat.com/support/errata/RHSA-2010-0824.html
www.ubuntu.com/usn/USN-1397-1
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10258
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7210