9 matches found
Oracle MySQL Eventum 2.3 Cross Site Scripting
Oracle MySQL Eventum 2.3 Remote Script Insertion Vulnerabilities Vendor: MySQL AB / Oracle Corporation Product web page: http://forge.mysql.com/wiki/Eventum Affected version: 2.2 and 2.3 Summary: Eventum is a user-friendly and flexible issue tracking system that can be used by a support departmen...
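MySQL 5.1.x Incorrect UNINSTALL PLUGIN Privilege Check Vulnerability
BUGTRAQ ID: 39543 MySQL is a very widely used open-source relational database system, with versions available for a variety of platforms. MySQL does not correctly perform the UNINSTALL PLUGIN privilege check, so a user can uninstall plugins without holding the DELETE privilege. MySQL 5.1.x Vendor patch: MySQL AB -------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: http://lists.mysql.com/commits/103144?f=plain http://bazaar.launchpad.net/mysql/mysql-server/mysql-5.1/revision/33...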
MySQL MaxDB Webtool GET Command Buffer Overflow (CVE-2005-0684)
MaxDB is an open source database application suite developed by MySQL AB available for various operating systems. The software bundles an HTTP server component, named Webtool, used to provide web-based application interfaces. Clients can connect to the Webtool with a web browser and access...
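MySQL sql_parse.cc Remote Format String Vulnerability
BUGTRAQ ID: 35609 MySQL is a very widely used open-source relational database system, with versions available for a variety of platforms. The dispatch_command function in MySQL's sql_parse.cc file contains a format string error: Line 2084: case COMCREATEDB: // QQ: To be removed char db=thd-strduppacket, alias; HACREATEINFO createinfo; statisticincrementthd-statusvar.comstatSQLCOMCREATEDB, &LOCKstatus; // null test to...
MySQL Connector/NET Missing SSL Certificate Validation Vulnerability
BUGTRAQ ID: 35514 MySQL Connector/Net is the ADO.NET driver for the MySQL database. MySQL Connector/Net does not validate the server's certificate when encryption is in use. In the NativeDriver.cs file, the StartSSL function relies on a validation function named NoServerCheckValidation, which performs no validation at all. There is also another function named ServerCheckValidation, but it is commented out. An attacker able to perform a man-in-the-middle attack on the connection can exploit this vulnerability to bypass the encryption validation, undermining the security that SSL provides. MySQL AB MySQL Connector/N...
MySQL Alter Table Function Information Disclosure Vulnerability
MySQL is an open-source database program. MySQL does not correctly enforce access control for the Alter Table function, and a remote attacker can exploit the vulnerability to obtain sensitive information. No detailed information about the vulnerability is currently available. MySQL AB MySQL 5.1.17 MySQL AB MySQL 5.1.16 MySQL AB MySQL 5.1.15 MySQL AB MySQL 5.1.14 MySQL AB MySQL 5.1.13 MySQL AB MySQL 5.1.12 MySQL AB MySQL 5.1.11 MySQL AB MySQL 5.1.10 MySQL AB MySQL 5.1.9 MySQL AB MySQL 5.1.6...
MySQL Privilege Escalation and Security Bypass Vulnerabilities
MySQL is an open-source database program. MySQL has privilege escalation and security bypass issues; a remote attacker can exploit them to execute arbitrary commands with elevated privileges and to bypass restrictions and create new databases. An authenticated user can create a new database as follows: $ mysql -u root -p -S /path/to/socket Enter password: mysql create database 'sample'; mysql grant all on sample. to 'sample'@'%' identified by 'password'; mysql \q $ mysql -h my.mysql.server -u sample -...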
MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14436/info MySQL Eventum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...
XML-RPC for PHP Remote Code Injection Vulnerability
Description XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks, including unauthorized remote access. XML-RPC for PHP 1.1 and prior...