1669 matches found
mysql: privilege escalation via DATA/INDEX DIRECTORY directives
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory,...
MySQL <= 5.0.45 post auth format string vulnerability
MySQL tested: Version 5.0.45 on CentOS Linux Format String Vulnerability MySQL General Available GA Release is vulnerable. Latest MySQL Version is not vulnerable since the bug is ifdef'ed off. from mysql-5.0.75 source mysql-5.0.75.tar.gz in the file libmysqld/sql_parse.cc this source code is also...
MySQL: Using an empty binary value leads to server crash
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement...
phpMyAdmin 3.1.0 (XSRF) SQL Injection Vulnerability
No description provided by source. Written by Michael Brooks Special Thanks to str0ke and rGod Intro: phpMyAdmin is by far the most popular PHP project. Between phpmyadmin and the xampp project there are more than 34+ million downloads from sourceforge.net. This exploit was released alongside...
mysql DROP privilege not enforced when renaming tables
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables...
Single MySQL worker can be crashed (NULL deref) with certain SELECT statements
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort...
mysql improper suid argument evaluation
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE...
MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial of Service
source: https://www.securityfocus.com/bid/28351/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. An attacker can exploit this issue to crash the application, denying access to legitimate users. NOTE: An attacker must be...
Ubuntu 6.06 LTS / 6.10 : mysql-dfsg-5.0 vulnerability (USN-440-1)
Stefan Streichbier and B. Mueller of SEC Consult discovered that MySQL subselect queries using 'ORDER BY' could be made to crash the MySQL server. An attacker with access to a MySQL instance could cause an intermittent denial of service. Note that Tenable Network Security has extracted the precedi...
mysql-server create database privilege escalation
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions...
Drupal core - Denial of service
The way page caching was implemented allows a denial of service attack. An attacker has to have the ability to post content on the site. He or she would then be able to poison the page cache, so that it returns cached 404 page not found errors for existing pages. If the page cache is not enabled,...
Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability
Mafia Moblog pathtotemplate Remote File Inclusion. Author : Sh3ll Date : 2006/04/30 HomePage : http://www.sh3ll....
Mysql log file obfuscation
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_quer...
security flaw
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects...
security flaw
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read...
CVE-2006-2753
CVE-2006-2753 – MySQL SQL injection via multibyte encodings : Affected products are MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22. The issue arises when multibyte encodings (e.g., SJIS, BIG5, GBK) are processed during input escaping with mysql_real_escape, leading to context-dependent SQL inj...
Design/Logic Flaw
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message...
USN-274-1: MySQL vulnerability
A logging bypass was discovered in the MySQL query parser. A local attacker could exploit this by inserting NUL characters into query strings (even into comments), which would cause the query to be logged incompletely. This only affects you if you enabled the 'log' parameter in the MySQL...
EUVD-2005-2559
Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field...
CVE-2005-0709
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit...