CVE-2009-2446 – MySQL 5.0.75 - 'sql_parse.cc' Multiple Format String Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-2446
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de formato de cadena en la función dispatch_command en libmysqld/sql_parse.cc en mysqld de MySQL v4.0.0 hasta v5.0.83 permiten a usuarios remotos autenticados causar una denegación de servicio (mediante caída del demonio) y, posiblemente otros efectos no especificados, a través de especificadores de formato de cadena en el nombre de base de datos en una petición (1) COM_CREATE_DB o (2) COM_DROP_DB. NOTA: Algunos de estos detalles se obtienen a partir de información de terceros. • https://www.exploit-db.com/exploits/33077 http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://secunia.com/advisories/35767 http://secunia.com/advisories/36566 http://secunia.com/advisories/38517 http://securitytracker.com/id?1022533 http://support.apple.com/kb/HT4077 http://ubuntu.com/usn/usn-897-1 http://www.mandriva.com/security/advisories?name=MDVSA-2009:179 http://w • CWE-134: Use of Externally-Controlled Format String •
CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0819
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/32838 http://bugs.mysql.com/bug.php?id=42495 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html http://secunia.com/advisories/34115 http://www.securityfocus.com/bid/33972 http://www.securitytracker.com/id?1021786 http://www.vupen.com/english/advisories/2009/0594 https://exchange.xforce.ibmcloud.com/vulnerabilities/49050 https://oval.cisecurity.org/repository •
CVE-2008-4456 – MySQL 5 - Command Line Client HTML Special Characters HTML Injection
https://notcve.org/view.php?id=CVE-2008-4456
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el cliente command-line en MySQL v5.0.26 a la v5.0.45, cuando la opción --html está activa, permite a los atacantes inyectar web script o HTML de su elección colocándolo en una celda de la base de datos, a la que puede acceder el cliente al comoponer un documento HTML. • https://www.exploit-db.com/exploits/32445 http://bugs.mysql.com/bug.php?id=27884 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://seclists.org/bugtraq/2008/Oct/0026.html http://secunia.com/advisories/32072 http://secunia.com/advisories/34907 http://secunia.com/advisories/36566 http://secunia.com/advisories/38517 http://securityreason.com/securityalert/4357 http://support.apple.com/kb/HT4077 http://ubuntu.com/usn/usn-897-1 http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4097
https://notcve.org/view.php?id=CVE-2008-4097
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079. MySQL 5.0.51a permite a los usuarios locales evitar la comprobación de ciertos privilegios por la llamada a CREATE TABLE en una tabla MyISAM con argumentos modificados (1) DATA DIRECTORY o (2) INDEX DIRECTORY que son asociados con symlinks dentro de nombres de ruta (pathnames), para subdirectorios del directorio de datos principal de MySQL , el cual es seguido cuando las tablas son creadas en el futuro. NOTA: Esta vulnerabilidad por una incompleta solución para CVE-2008-2079. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/32759 http://secunia.com/advisories/32769 http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 http://www.openwall.com/lists/oss-security/2008/09/09/20 http://www.openwall.com/lists/oss-security/2008/09/16/3 http://www.ubuntu.com/usn/USN-671-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4098 – mysql: incomplete upstream fix for CVE-2008-2079
https://notcve.org/view.php?id=CVE-2008-4098
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. MySQL anterior a 5.0.67, permite a usuarios locales evitar determinadas comprobaciones de privilegios haciendo una llamada CREATE TABLE en una tabla MyISAM que modifica los argumentos (1) DATA DIRECTORY o (2) INDEX DIRECTORY que están asociados originalmente con los nombres de ruta (pathname) sin enlaces simbólicos, y que pueden apuntar a tablas creadas después de que un nombre de ruta sea modificado para tener un enlace simbólico a un subdirectorio del directorio de datos inicial de MySQL. NOTA: esta vulnerabilidad es debida a que no se solucionó completamente la vulnerabilidad CVE-2008-4097. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 http://bugs.mysql.com/bug.php?id=32167 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/32578 http://secunia.com/advisories/32759 http://secunia.com/advisories/32769 http://secunia.com/advisories/38517 http://ubuntu.com/usn/usn-897-1 http://www.debian.org/security/2008/dsa-1662 http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 http:// • CWE-59: Improper Link Resolution Before File Access ('Link Following') •