13 matches found
SUSE CVE-2012-0102
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101...
CVE-2009-5026
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments...
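MySQL CREATE TABLE Call Access Restriction Bypass Vulnerability
CVE ID: CVE-2008-7247 MySQL is a very widely used open-source relational database system, with versions available for a variety of platforms. When the data home directory contains a symbolic link to a different filesystem, sql/sql_table.cc in MySQL allows authenticated remote attackers to bypass intended access restrictions and perform various unauthorized operations by calling CREATE TABLE with a crafted DATA DIRECTORY or INDEX DIRECTORY argument. MySQL AB MySQL 6.0 MySQL AB MySQL 5.1.x MySQL AB MySQL 5.0.x Vendor patch: MySQL AB --------...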
Design/Logic Flaw
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...
CVE-2009-4028
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...
SuSE9 Security Update : MySQL (YOU Patch Number 12175)
The database server MySQL was updated to fix two security problems: - MySQL allowed local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can poin...
Mandriva Linux Security Advisory : mysql (MDVSA-2008:028)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 did not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allowed remote authenticated users to gain privileges (CVE-2007-2692). The federated engine in MySQL 5.0.x, when performing a certain SHOW...
Mandriva Update for mysql MDVSA-2008:017 (mysql)
Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2008:017 mysql Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Mandriva Update for mysql MDVSA-2008:017 (mysql)
Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2008:017 mysql Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
MySQL 5.0.x - Single Row SubSelect Remote Denial of Service
source: https://www.securityfocus.com/bid/22900/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain select statements to database metadata. An attacker can exploit this issue to crash the application, denying access to legitimate users. The attacker...
Mandrake Linux Security Advisory : MySQL (MDKSA-2006:097)
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is...
CVE-2006-2753
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is...
CVE-2006-1518
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values...