7 matches found
CVE-2012-4452
MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point...
MySQL < 5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 MyISAM CREATE TABLE Privilege Check Bypass
The version of MySQL installed on the remote host is earlier than 5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 and thus reportedly allows a local user to circumvent privileges through creation of MyISAM tables using the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite existing table files in the...
MODx Revolution CMS Cross Site Scripting
getObject'modUser',array 30: 'username' = $POST'username', 31: ; ... 71: else if !empty$POST'forgotlogin' 72: $c = $modx-newQuery'modUser'; 73: $c-selectarray'modUser.','Profile.email','Profile.fullname'; 74: $c-innerJoin'modUserProfile','Profile'; 75: $c-wherearray 76: '...
Mandriva Linux Security Advisory : mysql (MDVSA-2010:011)
Multiple vulnerabilities has been found and corrected in mysql : mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not 1 properly handle errors during execution of certain SELECT statements with subqueries, and does not 2 preserve certain nullvalue flags during execution of...
Fedora Core 10 FEDORA-2009-12180 (mysql)
The remote host is missing an update to mysql announced via advisory FEDORA-2009-12180. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
CVE-2009-4019
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not 1 properly handle errors during execution of certain SELECT statements with subqueries, and does not 2 preserve certain nullvalue flags during execution of statements that use the GeomFromWKB function, which allows remote...
MySQL拒绝服务和客户端证书校验漏洞
MySQL是一款流行的数据库服务程序。 MySQL存在多个安全漏洞,恶意攻击者可以进行拒绝服务和伪造攻击。 -链接OpenSSL库的MySQL客户端包含的"vioverifycallback"函数存在错误,MySQL服务器如果使用深度为零的证书,攻击者可以进行中间人攻击。 -对在WHERE子句中包含子查询的"SELECT"缺少错误处理和指派一个SELECT结果给用户变量,这个结果可导致服务程序崩溃。 -当处理Geometry值作为第一个参数时"GeomFromWKB"函数不正确保留参数的空值标记,可导致服务程序崩溃。 MySQL 5.x MySQL...