14 matches found

Veracode
added 2019/01/15 9:13 a.m. | 146 views

Arbitrary Code Execution

mariadb-galera is vulnerable to arbitrary code execution attacks. The vulnerability exists as Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before...

9.8 CVSS | 9.1 AI score | 0.89577 EPSS
Exploits: 16 | References: 32 | Affected Software: 12
Prion
added 2016/09/20 6:59 p.m. | 79 views

Design/Logic Flaw

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and...

10 CVSS | 7.4 AI score | 0.89577 EPSS
Exploits: 16 | References: 27 | Affected Software: 12
Tenable Nessus
added 2016/09/20 12:0 a.m. | 77 views

MariaDB 10.1.0 < 10.1.17

The version of MariaDB installed on the remote host is prior to 10.1.17. It is, therefore, affected by a vulnerability as referenced in the 10.1.17 advisory. - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x...

10 CVSS | 7.7 AI score | 0.89577 EPSS
Exploits: 16 | References: 2
FreeBSD
added 2016/09/12 12:0 a.m. | 57 views

Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662

LegalHackers' reports: RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manipulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL 5.7.15 by Oracle...

10 CVSS | 3.4 AI score | 0.89577 EPSS
Exploits: 16 | References: 2
OSV
added 2016/09/12 12:0 a.m. | 1 views

UBUNTU-CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and...

9.8 CVSS | 7.6 AI score | 0.89577 EPSS
Exploits: 16 | References: 5
FreeBSD
added 2016/09/12 12:0 a.m. | 37 views

Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662

LegalHackers' reports: RCE Bugs discovered in MySQL and its variants like MariaDB. It works by manipulating my.cnf files and using --malloc-lib. The bug seems fixed in MySQL 5.7.15 by Oracle...

10 CVSS | 3.4 AI score | 0.89577 EPSS
Exploits: 16 | References: 2
Positive Technologies
added 2016/08/10 12:0 a.m. | 6 views

PT-2016-7027

Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.5.52 and earlier, 5.6.33 and earlier, 5.7.15 and earlier; MariaDB versions prior to 5.5.51, 10.0.x prior to 10.0.27, and 10.1.x prior to 10.1.17; Percona Server versions prior to 5.5.51-38.1, 5.6.x prior to 5.6.32-78.0, a...

10 CVSS | 8 AI score | 0.89577 EPSS
Exploits: 105 | References: 687
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Maian Gallery 2 - Local File Download Vulnerability

No description provided by source. #!/usr/bin/python This vulnerability uses file_get_contents so we have some limitations: we can't execute PHP and we can't read files that the web server will interpret, such as PHP, conf, etc. Tested on: Ubuntu Linux 2.6.32 with php v5.3.2, register_globals = Off PRIVATE...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 17 views

MySQL 3.23.x mysqld Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7052/info A vulnerability has been discovered for MySQL that may allow the mysqld service to start with elevated privileges. An attacker can exploit this vulnerability by creating a DATADIR/my.cnf that includes the line...

7.1 AI score
Exploits: 0
RubySec
added 2014/06/30 12:0 a.m. | 14 views

VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact

VladTheEnterprising Gem for Ruby contains a flaw as the program creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /tmp/my.cnf.#{target_host} file to overwrite arbitrary files, gain access to the MySQL root password, or inject arbitrary...

5.5 CVSS | 2.6 AI score | 0.00059 EPSS
Exploits: 0 | References: 1
The Hacker News
added 2012/06/11 7:29 a.m. | 27 views

CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability

A serious security bug in MariaDB and MySQL has been disclosed. According to the advisory, all MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. This issue was assigned the ID CVE-2012-2122. "When a user connects to...

5.1 CVSS | 6.7 AI score | 0.94058 EPSS
Exploits: 8
rdot
added 2012/03/04 12:0 a.m. | 16 views

Executing Subqueries and OS Commands in SELECT Injections on MySQL

We would like to open our blog notes on the practical implementation of the SQL-injections. And also we try to focus more attention on the practical aspects of web application security in the future. SQL injections are the most common server-side Web application vulnerabilities and meet almost...

0.6 AI score
Exploits: 0
Exploit DB
added 2009/07/09 12:0 a.m. | 31 views

MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC)

MySQL tested: Version 5.0.45 on CentOS Linux Format String Vulnerability MySQL General Available GA Release is vulnerable. Latest MySQL Version is not vulnerable since the bug is ifdef'ed off. from mysql-5.0.75 source mysql-5.0.75.tar.gz in the file libmysqld/sqlparse.cc this source code is also...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2003/03/14 12:0 a.m. | 200 views

MySQL datadir/my.cnf Modification Privilege Escalation

The remote version of MySQL is older than 3.23.56. Such versions are affected by an issue that may allow the mysqld service to start with elevated privileges. An attacker can exploit this vulnerability by creating a 'DATADIR/my.cnf' that includes the line 'user=root' under the 'mysqld' option...

9 CVSS | 5.5 AI score | 0.12813 EPSS
Exploits: 4 | References: 3