PT-2014-7231 · Oracle +6 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 5.5.38 and earlier; Oracle MySQL Server versions 5.6.19 and earlier; MariaDB (affected versions not specified). Description: The issue affects the availability of the system, allowing remote authenticated users to...
MySQL Binary Log SQL Injection
The version of MySQL installed on the remote host is earlier than 5.5.33 / 5.6.x earlier than 5.6.13 and is, therefore, potentially affected by multiple SQL injection vulnerabilities. User-supplied identifiers are not properly quoted before being written into the binary log. An attacker with a...
CVE-2012-4414
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to t...
SQL injection
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to t...
CVE-2012-4414
Disclaimer: This data contains information about vulnerable...
CVE-2012-4414
CVE-2012-4414 concerns multiple SQL injection vulnerabilities in the replication code of MySQL/MariaDB. Public details describe that remote authenticated access could allow arbitrary SQL execution via the binary log vectors in MySQL versions prior to 5.5.29 and MariaDB 5.1.x–5.1.62, 5.2.x–5.2.12, 5.3....
Rails 3.0.5 Log File Injection Proof Of Concept
Encoding: UTF-8
Log-File-Injection - Ruby on Rails 3.05
possibilities:
- possible date back attacks tried with request-log-analyzer: worked but teasercheckwarnings
- ip spoofing
- binary log-injections
- DOS if ip is used with an iptables-ban-script
!! works only on intranet apps !!
Fix: validate...
MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393)
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind...