
34 matches found

RedhatCVE
added 2026/01/09 8:39 a.m. | 8 views

CVE-2022-35866

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-cod...

CVSS 9.8 | AI score 6.9 | EPSS 0.01076
Exploits: 1 | References: 1

Veracode
added 2025/12/13 5:2 a.m. | 3 views

Deserialization Of Untrusted Data

Dataease is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper validation of JDBC connection parameters in the MysqlConfiguration class, which allows an attacker to connect to a malicious MySQL server and execute arbitrary system commands through deserialization...

CVSS 9.8 | AI score 8.8 | EPSS 0.00939
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2002-1900

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00712
Exploits: 0 | References: 4

GithubExploit
added 2025/05/05 2:12 a.m. | 248 views

Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center

Exploit-CVE-2023-22518 CVE-2023-22518 in Confluence CVE-2023-22...

CVSS 10 | AI score 9.9 | EPSS 0.94375
Exploits: 14

RedhatCVE
added 2025/02/06 4:41 a.m. | 9 views

CVE-2021-31581

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 and later,...

CVSS 7.9 | AI score 6.8 | EPSS 0.10034
Exploits: 1 | References: 1

OSV
added 2024/03/01 3:37 p.m. | 15 views

CVE-2024-27295 Directus MySQL accent insensitive email matching

Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more...

CVSS 8.2 | AI score 8.3 | EPSS 0.00604
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 5:22 a.m. | 2 views

SUSE CVE-2015-1027

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the...

CVSS 5.9 | AI score 6.6 | EPSS 0.00264
Exploits: 1 | References: 3

NVD
added 2021/07/22 7:15 p.m. | 10 views

CVE-2021-31581

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 and later,...

CVSS 7.9 | EPSS 0.10034
Exploits: 1 | References: 1

OSV
added 2021/07/22 7:15 p.m. | 0 views

CVE-2021-31581

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 and later,...

CVSS 4.4 | AI score 5.8
Exploits: 0 | References: 1

Prion
added 2021/07/22 7:15 p.m. | 16 views

Design/Logic Flaw

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 and later,...

CVSS 2.1 | AI score 4.8 | EPSS 0.10034
Exploits: 1 | References: 1 | Affected Software: 2

RedhatCVE
added 2020/04/04 5:5 a.m. | 22 views

CVE-2017-3291

It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root...

CVSS 6.3 | AI score 1.6 | EPSS 0.00093
Exploits: 0 | References: 1

Tenable Nessus
added 2019/02/28 12:0 a.m. | 30 views

Debian DLA-1692-1 : phpmyadmin security update

An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration. When the AllowArbitraryServer configuration setting is set to false (default), the attacker nee...

CVSS 5.9 | AI score 6.5 | EPSS 0.76961
Exploits: 0 | References: 3

OSV
added 2019/01/26 5:29 p.m. | 1 views

DEBIAN-CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP...

CVSS 5.9 | AI score 5.9 | EPSS 0.76961
Exploits: 0 | References: 1

RedHat Linux
added 2018/03/21 2:46 p.m. | 1 views

mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017)

It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root...

CVSS 6.3 | AI score 7.2 | EPSS 0.00093
Exploits: 0 | References: 4

CNVD
added 2017/10/10 12:0 a.m. | 2 views

Percona toolkit and xtrabackup information disclosure vulnerability

Percona percona-toolkit and xtrabackup are both products of Percona Inc. percona-toolkit is a set of high-level command-line tools. xtrabackup is a set of open-source tools for backing up InnoDB databases with MySQL. version checking subroutine is one of the version checking subroutine . A securi...

CVSS 5.9 | AI score 6 | EPSS 0.00264
Exploits: 1 | References: 1

OSV
added 2017/09/29 1:34 a.m. | 2 views

DEBIAN-CVE-2015-1027

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the...

CVSS 5.9 | AI score 6.5 | EPSS 0.00264
Exploits: 1 | References: 1

RedHat Linux
added 2017/09/21 7:42 a.m. | 1 views

mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017)

It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root...

CVSS 6.3 | AI score 7.2 | EPSS 0.00093
Exploits: 0 | References: 4

RedHat Linux
added 2017/08/01 2:18 p.m. | 2 views

mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017)

It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root...

CVSS 6.3 | AI score 7.2 | EPSS 0.00093
Exploits: 0 | References: 4

UbuntuCve
added 2017/01/23 9:59 p.m. | 26 views

CVE-2016-4338

The mysql user parameter configuration script userparameter_mysql.conf in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size paramete...

CVSS 8.1 | AI score 7.5 | EPSS 0.4496
Exploits: 6 | References: 4

RedHat Linux
added 2016/10/18 11:5 p.m. | 4 views

mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)

It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...

CVSS 10 | AI score 7.5 | EPSS 0.89577
Exploits: 16 | References: 5