CVE-2009-2446 – MySQL 5.0.75 - 'sql_parse.cc' Multiple Format String Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-2446
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de formato de cadena en la función dispatch_command en libmysqld/sql_parse.cc en mysqld de MySQL v4.0.0 hasta v5.0.83 permiten a usuarios remotos autenticados causar una denegación de servicio (mediante caída del demonio) y, posiblemente otros efectos no especificados, a través de especificadores de formato de cadena en el nombre de base de datos en una petición (1) COM_CREATE_DB o (2) COM_DROP_DB. NOTA: Algunos de estos detalles se obtienen a partir de información de terceros. • https://www.exploit-db.com/exploits/33077 http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://secunia.com/advisories/35767 http://secunia.com/advisories/36566 http://secunia.com/advisories/38517 http://securitytracker.com/id?1022533 http://support.apple.com/kb/HT4077 http://ubuntu.com/usn/usn-897-1 http://www.mandriva.com/security/advisories?name=MDVSA-2009:179 http://w • CWE-134: Use of Externally-Controlled Format String •
CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0819
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/32838 http://bugs.mysql.com/bug.php?id=42495 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html http://secunia.com/advisories/34115 http://www.securityfocus.com/bid/33972 http://www.securitytracker.com/id?1021786 http://www.vupen.com/english/advisories/2009/0594 https://exchange.xforce.ibmcloud.com/vulnerabilities/49050 https://oval.cisecurity.org/repository •
CVE-2008-4456 – MySQL 5 - Command Line Client HTML Special Characters HTML Injection
https://notcve.org/view.php?id=CVE-2008-4456
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el cliente command-line en MySQL v5.0.26 a la v5.0.45, cuando la opción --html está activa, permite a los atacantes inyectar web script o HTML de su elección colocándolo en una celda de la base de datos, a la que puede acceder el cliente al comoponer un documento HTML. • https://www.exploit-db.com/exploits/32445 http://bugs.mysql.com/bug.php?id=27884 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://seclists.org/bugtraq/2008/Oct/0026.html http://secunia.com/advisories/32072 http://secunia.com/advisories/34907 http://secunia.com/advisories/36566 http://secunia.com/advisories/38517 http://securityreason.com/securityalert/4357 http://support.apple.com/kb/HT4077 http://ubuntu.com/usn/usn-897-1 http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4098 – mysql: incomplete upstream fix for CVE-2008-2079
https://notcve.org/view.php?id=CVE-2008-4098
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. MySQL anterior a 5.0.67, permite a usuarios locales evitar determinadas comprobaciones de privilegios haciendo una llamada CREATE TABLE en una tabla MyISAM que modifica los argumentos (1) DATA DIRECTORY o (2) INDEX DIRECTORY que están asociados originalmente con los nombres de ruta (pathname) sin enlaces simbólicos, y que pueden apuntar a tablas creadas después de que un nombre de ruta sea modificado para tener un enlace simbólico a un subdirectorio del directorio de datos inicial de MySQL. NOTA: esta vulnerabilidad es debida a que no se solucionó completamente la vulnerabilidad CVE-2008-4097. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 http://bugs.mysql.com/bug.php?id=32167 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/32578 http://secunia.com/advisories/32759 http://secunia.com/advisories/32769 http://secunia.com/advisories/38517 http://ubuntu.com/usn/usn-897-1 http://www.debian.org/security/2008/dsa-1662 http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 http:// • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2008-3963 – MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3963
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. MySQL versiones 5.0 anteriores a 5.0.66, versiones 5.1 anteriores a 5.1.26 y versiones 6.0 anteriores a 6.0.6, no maneja apropiadamente un token b'' (b comilla simple comilla simple), también se conoce como literal de cadena de bits vacía, que permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) mediante el uso de este token en una sentencia SQL. • https://www.exploit-db.com/exploits/32348 http://bugs.mysql.com/bug.php?id=35658 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/31769 http://secunia.com/advisories/32759 http://secunia.com/advisories/32769 http& • CWE-134: Use of Externally-Controlled Format String •