GHSA-XGC2-Q928-27WV TYPO3 Sensitive Information Disclosure via escapeStrForLike method

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sqlmode NOBACKSLASHESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query...

MariaDB多个拒绝服务漏洞

MariaDB基于事务的Maria存储引擎，替换了MySQL的MyISAM存储引擎，它使用了Percona的 XtraDB，InnoDB的变体，分支的开发者希望提供访问即将到来的MySQL 5.4 InnoDB性能。 1），当处理某些编写有子查询的SELECT语句时的空指针引用错误，可以被利用来导致系统崩溃。 成功利用此漏洞，需要在"materialization"和"semijoin"优化切换到打开时。 2） 处理有某些并发的SQL查询的KILL查询语句时的错误，可被利用来导致系统崩溃。 3）分析NAMECONST表达式时包含AND/OR表达式，可以被利用来导致系统崩溃。...

CVE-2010-5104

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sqlmode NOBACKSLASHESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query...

CVE-2010-5104

TYPO3 contains an input-escaping flaw in escapeStrForLike affecting TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5. If MySQL is configured with sql_mode NO_BACKSLASH_ESCAPES, wildcard characters in LIKE queries can expose sensitive information to remote attackers. No exploi...