Lucene search
K

159 matches found

Cvelist
Cvelist
added 2011/08/05 9:0 p.m.27 views

CVE-2011-2900

Stack-based buffer overflow in the 1 putdir function in mongoose.c in Mongoose 3.0, 2 putdir function in yasslEWS.c in yaSSL Embedded Web Server yasslEWS 0.2, and 3 shttpdputdir function in iodir.c in Simple HTTPD shttpd 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT...

7.8AI score0.13256EPSS
Exploits6References11
VulnCheck KEV
VulnCheck KEV
added 2011/08/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2011-2900

Stack-based buffer overflow in the 1 putdir function in mongoose.c in Mongoose 3.0, 2 putdir function in yasslEWS.c in yaSSL Embedded Web Server yasslEWS 0.2, and 3 shttpdputdir function in iodir.c in Simple HTTPD shttpd 1.42 allows remote attackers to execute arbitrary code via...

7.5CVSS6.4AI score0.13256EPSS
Exploits6References1
Exploit DB
Exploit DB
added 2010/05/09 12:0 a.m.79 views

MySQL yaSSL (Linux) - SSL Hello Message Buffer Overflow (Metasploit)

$Id: mysqlyasslhello.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

7.5CVSS6.6AI score0.91602EPSS
Exploits13
Exploit DB
Exploit DB
added 2010/05/09 12:0 a.m.91 views

MySQL yaSSL (Windows) - SSL Hello Message Buffer Overflow (Metasploit)

$Id: mysqlyasslhello.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

7.5CVSS6.6AI score0.91602EPSS
Exploits13
Exploit DB
Exploit DB
added 2010/04/30 12:0 a.m.51 views

MySQL - yaSSL CertDecoder::GetName Buffer Overflow (Metasploit)

$Id: mysqlyasslgetname.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.5CVSS7AI score0.69552EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2010/02/16 4:5 p.m.6 views

mysql: client SSL certificate verification flaw

The vioverifycallback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...

6.8CVSS7.4AI score0.01766EPSS
Exploits2References4
Packet Storm
Packet Storm
added 2010/02/06 12:0 a.m.30 views

MySQL yaSSL CertDecoder::GetName Buffer Overflow

$Id: mysqlyasslgetname.rb 8287 2010-01-28 07:34:47Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

0.4AI score
Exploits0
Metasploit
Metasploit
added 2010/01/27 11:24 p.m.77 views

MySQL yaSSL CertDecoder::GetName Buffer Overflow

This module exploits a stack buffer overflow in the yaSSL 1.9.8 and earlier implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetName function inside...

7.5CVSS7.8AI score0.69552EPSS
Exploits4
Metasploit
Metasploit
added 2010/01/27 11:24 p.m.55 views

MySQL yaSSL SSL Hello Message Buffer Overflow

This module exploits a stack buffer overflow in the yaSSL 1.7.5 and earlier implementation bundled with MySQL 'MySQL yaSSL SSL Hello Message Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in the yaSSL 1.7.5 and earlier implementation bundled with MySQL 'MC' ,...

7.5CVSS7.9AI score0.91602EPSS
Exploits13
seebug.org
seebug.org
added 2010/01/27 12:0 a.m.21 views

MySQL yaSSL库证书解析栈溢出漏洞

BUGTRAQ ID: 37943 MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。 MySQL所捆绑的yaSSL库在解析畸形证书时存在栈溢出漏洞,如果数据库在编译时加入了对SSL的支持并且配置打开了SSL功能,远程攻击者可能利用此漏洞通过提交畸形的证书内容触发这个溢出,从而在服务器上执行任意指令。 MySQL AB MySQL 5.5-ms2 MySQL AB MySQL 5.1.x MySQL AB MySQL 5.0.x 厂商补丁: MySQL AB --------...

6.9AI score
Exploits0
Metasploit
Metasploit
added 2010/01/26 8:12 p.m.37 views

MySQL yaSSL SSL Hello Message Buffer Overflow

This module exploits a stack buffer overflow in the yaSSL 1.7.5 and earlier implementation bundled with MySQL 'MySQL yaSSL SSL Hello Message Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in the yaSSL 1.7.5 and earlier implementation bundled with MySQL 'MC' ,...

7.5CVSS0.8AI score0.91602EPSS
Exploits13
Prion
Prion
added 2009/12/30 9:30 p.m.65 views

Stack overflow

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary cod...

7.5CVSS8AI score0.69552EPSS
Exploits4References36Affected Software5
CVE
CVE
added 2009/12/30 9:0 p.m.163 views

CVE-2009-4484

The CVE-2009-4484 issue affects yaSSL’s CertDecoder::GetName in taocrypt/src/asn.cpp (yaSSL before 1.9.9), which MySQL bundles and uses for SSL handshakes. A crafted X.509 client certificate name can trigger multiple stack-based buffer overflows, enabling remote code execution or memory corruptio...

7.5CVSS7.7AI score0.69552EPSS
Exploits4References36Affected Software1
Positive Technologies
Positive Technologies
added 2009/12/30 12:0 a.m.3 views

PT-2009-6604 · Mysql Server +2 · Mysql Server +2

Name of the Vulnerable Software and Affected Versions: yaSSL versions prior to 1.9.9 MySQL versions prior to 5.0.90 MySQL versions prior to 5.1.43 MySQL versions 5.5.x through 5.5.0-m2 Description: The issue allows remote attackers to execute arbitrary code or cause a denial of service by...

7.5CVSS7.5AI score0.69552EPSS
Exploits4References41
UbuntuCve
UbuntuCve
added 2009/12/30 12:0 a.m.40 views

CVE-2009-4484

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary cod...

7.5CVSS6.3AI score0.69552EPSS
Exploits4References4
seebug.org
seebug.org
added 2009/12/02 12:0 a.m.582 views

MySQL OpenSSL客户端绕过yaSSL服务器证书验证漏洞

BUGTRAQ ID: 37076 CVE ID: CVE-2009-4028 MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。 在使用OpenSSL的时候,MySQL的viosslfactories.c文件中的vioverifycallback函数可以接受深度为0的X.509证书: vioverifycallback at viosslfactories.c: / Approve cert if depth is greater then "verifydepth", currently verifydepth is always 0 and there...

6.8CVSS6.2AI score0.01766EPSS
Exploits2
Prion
Prion
added 2009/11/30 5:30 p.m.36 views

Design/Logic Flaw

The vioverifycallback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...

6.8CVSS6.1AI score0.01766EPSS
Exploits2References12Affected Software1
UbuntuCve
UbuntuCve
added 2009/11/30 5:30 p.m.49 views

CVE-2009-4028

The vioverifycallback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...

6.8CVSS7AI score0.01766EPSS
Exploits2References1
Cvelist
Cvelist
added 2009/11/30 5:0 p.m.33 views

CVE-2009-4028

The vioverifycallback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...

5.9AI score0.01766EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2009/11/24 12:0 a.m.22 views

Oracle MySQL < 5.1.41 Multiple Vulnerabilities

Binary data 5240.prm...

4.6CVSS7.3AI score0.16263EPSS
Exploits5References7
Rows per page
Query Builder