84 matches found
CVE-2013-7491
CVE-2013-7491 affects the Perl DBI module prior to 1.628. The issue is a stack corruption that occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack is reallocated. Impact is described as potential memory corruption related to stack handling; exploitation ...
mysql: Server: UDF unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Aerospike Operating System Command Injection Vulnerability
Aerospike is a NoSQL database solution from Aerospike, Inc. A security vulnerability exists in Aerospike Community Edition version 4.9.0.5. An attacker with a specially crafted UDF can exploit the vulnerability to execute arbitrary operating system commands on all nodes of the cluster with curren...
mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF...
UBUNTU-CVE-2016-0608
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF...
WordPress Plugin Marketplace 2.4.0 - Arbitrary File Download
Exploit Title: WP Marketplace 2.4.0 Arbitrary File Download Date: 26-10-2014 Software Link: https://wordpress.org/plugins/wpmarketplace/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps CVE: CVE-2014-9013 and CVE-2014-901...
w-CMS 2.0.1 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications --- Vuln Code : /userFunctions.php 6. switch$REQUEST'udef' // user defined function ... 11. case 'activity': procActivity; // Exploit/Proof of Concept PoC http://localhost/wcms/userFunctions.php?udef=activity&type=shell.php&content= Find your...
PostgreSQL for Linux Payload Execution
On some default Linux installations of PostgreSQL, the postgres service account may write to the /tmp directory, and may source UDF Shared Libraries from there as well, allowing execution of arbitrary code. This module compiles a Linux shared object file, uploads it to the target host via the...
Oracle MySQL for Microsoft Windows Payload Execution
$Id: mysqlpayload.rb 11899 2011-03-08 22:42:26Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
CVE-2010-3737
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server...
Memory corruption
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server...
MySQL CREATE FUNCTION init_syms Buffer Overflow (CVE-2005-2558)
MySQL is an open-source implementation of a relational database management system. MySQL supports the SQL (Structured Query Language) database query language. To extend the functionality of SQL, MySQL provides a mechanism to call C/C++ functions in external binary libraries. This mechanism is known...
MySQL CREATE FUNCTION Table Arbitrary Library Injection (CVE-2005-0710)
MySQL is an open-source implementation of a relational database management system supporting the SQL (Structured Query Language) database query language. MySQL allows users to create user-defined functions (UDF) through the CREATE FUNCTION command. A vulnerability exists in the user-defined function...
MySQL CREATE FUNCTION libc Arbitrary Code Execution (CVE-2005-0709)
MySQL is an open-source implementation of a database system supporting the SQL (Structured Query Language) database query language. MySQL implements a CREATE FUNCTION command that enables a user to create a user-defined function (UDF). There exists a vulnerability in the CREATE FUNCTION command of...
MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit
No description provided by source. / $Id: raptorudf2.c,v 1.1 2006/01/18 17:58:54 raptor Exp $ raptorudf2.c - dynamic library for dosystem MySQL UDF Copyright (c) 2006 Marco Ivaldi This is an helper dynamic library for local privilege escalation through MySQL run with root...
MySQL 4.x/5.0 User-Defined Function Command Execution Exploit (win)
No description provided by source. -- raptorwinudf.sql - A MySQL UDF backdoor kit for Windows -- Copyright (c) 2007 Marco Ivaldi -- -- This is a MySQL backdoor kit for Windows based on the UDFs User Defined -- Functions mechanism. Use it to spawn a reverse shell netcat UDF on...
MySQL 4.x/5.0 (Windows) - User-Defined Function Command Execution
MySQL 4.x/5.0 (Windows) - User-Defined Function Command Execution -- raptorwinudf.sql - A MySQL UDF backdoor kit for Windows -- Copyright (c) 2007 Marco Ivaldi -- -- This is a MySQL backdoor kit for Windows based on the UDFs User Defined -- Functions mechanism. Use it to spawn a reverse shell netcat U...