Page 127 of 694 results (0.009 seconds)

CVSS: 5.8EPSS: 0%CPEs: 15EXPL: 0

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. MySQL 5.1.x versiones anteriores a 5.1.23, y 6.0.x versiones anteriores a 6.0.4, permite a usuarios remotos autenticados obtener privilegios en tablas de su elección mediante vectores no especificados involucrando el uso a nivel de tabla de opciones DATA DIRECTORY e INDEX DIRECTORY cuando se crea una tabla particionada con el mismo nombre que una tabla en la que el usuario no tiene privilegios. • http://bugs.mysql.com/bug.php?id=32091 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html http://osvdb.org/42607 http://securitytracker.com/id?1019084 http://www.vupen.com/english/advisories/2008/0560/references https://exchange.xforce.ibmcloud.com/vulnerabilities/38988 •

CVSS: 4.0EPSS: 9%CPEs: 1EXPL: 1

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. La función convert_search_mode_to_innobase del ha_innodb.cc en el motor InnoDB del 5.1.23-BK y versiones anteriores permite a usuarios remotos autenticados provocar una denegación de servicio (caída de la base de datos) a través de ciertas operaciones CONTAINS sobre un índice de una columna, lo que dispara una afirmación de error. • https://www.exploit-db.com/exploits/30744 http://bugs.gentoo.org/show_bug.cgi?id=198988 http://bugs.mysql.com/bug.php?id=32125 http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/067350.html http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://secunia.com/advisories/27568 http://secunia.com/advisories/27649 http://secunia.com/advisories/27823 http://secunia.com/advisories/28025 http://secunia.com/advisories/28040 http://secunia. • CWE-20: Improper Input Validation •

CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. MySQL anterior a 4.1.23, 5.0.x anterior a 5.0.42, y 5.1.x anterior a 5.1.18 no requiere el privilegio DROP para sentencias RENAME TABLE, lo cual permite a usuarios autenticados remotamente renombrar tablas de su elección. • http://bugs.mysql.com/bug.php?id=27515 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.mysql.com/announce/470 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://osvdb.org/34766 http://secunia.com/advisories/25301 http://secunia.com/advisories/25946 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia. •

CVSS: 6.0EPSS: 5%CPEs: 48EXPL: 0

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. La función mysql_change_db en MySQL 5.0.x anterior a 5.0.40 y 5.1.x anterior a 5.1.18 no restaura los privilegios THD::db_access cuando regresa de rutinas almacenadas SQL SECURITY INVOKER, lo cual permite a usuarios autenticados remotamente obtener privilegios. • http://bugs.mysql.com/bug.php?id=27337 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html http://lists.mysql.com/announce/470 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://osvdb.org/34765 http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/27823 http://secunia.com/advisories/28637 http://secunia.com/advisories/28838 http://secunia& •

CVSS: 3.5EPSS: 0%CPEs: 11EXPL: 0

MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement. MySQL anterior a 5.1.18 permite a usuarios autenticados remotamente sin privilegios SELECT obtener información sensible desde tablas particionadas mediante una sentencia ALTER TABLE. • http://bugs.mysql.com/bug.php?id=23675 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html http://secunia.com/advisories/25301 http://www.securityfocus.com/bid/24008 http://www.securitytracker.com/id?1018071 http://www.vupen.com/english/advisories/2007/1804 https://exchange.xforce.ibmcloud.com/vulnerabilities/34349 •