EUVD-2007-2683

Malware in sbrugna...

CVE-2024-51245

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the renametable function...

CVE-2024-51245

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the renametable function...

DrayTek Vigor 3900 安全漏洞

The DrayTek Vigor 3900 is a high-performance router for enterprise networks from China-based DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3, which can be exploited by an attacker to execute arbitrary commands by injecting malicious commands into mainfunction.cg...

PT-2024-7998 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename table function. This is due to the lack of measures to neutraliz...

SUSE CVE-2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables...

SUSE CVE-2007-5969

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system...

Privilege Escalation

MySQL is vulnerable to privilege escalation. It did not require the "DROP" privilege for "RENAME TABLE" statements. An authenticated user could use this flaw to rename arbitrary tables...

Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1

Ubuntu Update for Linux kernel vulnerabilities USN-528-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5281.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

mysql DROP privilege not enforced when renaming tables

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables...

mysql DROP privilege not enforced when renaming tables

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables...

GLSA-200804-04 : MySQL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200804-04 MySQL: Multiple vulnerabilities Multiple vulnerabilities have been reported in MySQL: Mattias Jonsson reported that a 'RENAME TABLE' command against a table with explicit 'DATA DIRECTORY' and 'INDEX DIRECTORY' options...

mysql: possible system table information overwrite using symlinks

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system...

mysql: possible system table information overwrite using symlinks

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system...

MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities

Binary data 4313.prm...

MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities

The version of MySQL Server installed on the remote host reportedly is affected by the following issues : - It is possible, by creating a partitioned table using the DATA DIRECTORY and INDEX DIRECTORY options, to gain privileges on other tables having the same name as the partitioned table. Bug...

MySQL服务器RENAME TABLE系统表格覆盖漏洞

BUGTRAQ ID: 26765 CVECAN ID: CVE-2007-5969 MySQL是一款使用非常广泛的开放源代码关系数据库系统，拥有各种平台的运行版本。 MySQL在某些配置情况下存在漏洞，本地攻击者可能利用此漏洞修改破坏数据表。 如果表格设置了DATA DIRECTORY和INDEX DIRECTORY选项的话，MySQL服务器在使用RENAME TABLE语句重新命名该表格时存在错误，可能允许攻击者通过某些符号链接替换所指向的文件导致覆盖系统表格信息。 MySQL AB MySQL...

MySQL Enterprise Server 5.0 < 5.0.52 Multiple Vulnerabilities

The version of MySQL Enterprise Server 5.0 installed on the remote host is earlier than 5.0.52. Such versions reportedly are affected by the following issues : - Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table...

Oracle MySQL Enterprise Server < 5.0.52 Multiple Vulnerabilities

Binary data 4312.prm...

MySQL Server重命名表系统表覆盖漏洞

MySQL Server是一款开放源代码的数据库。br / MySQL Server不正确处理符号链接，本地攻击者可以利用漏洞覆盖MySQL系统表导致拒绝服务攻击。br / 使用明确的DATA DIRECTORY和INDEX DIRECTORY选项使用RENAME TABLE对表进行操作。可导致通过符号链接使用替代文件来覆盖系统表信息。可造成数据库崩溃。br / MySQL AB MySQL 5.0.50 MySQL AB MySQL 5.0.49 MySQL AB MySQL 5.0.48 MySQL AB MySQL 5.0.47 MySQL AB MySQL 5.0.46 MySQ...