Page 48 of 239 results (0.009 seconds)

CVSS: 4.6EPSS: 0%CPEs: 22EXPL: 0

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. • http://marc.info/?l=full-disclosure&m=111632686805498&w=2 http://secunia.com/advisories/15369 http://secunia.com/advisories/17080 http://www.mandriva.com/security/advisories?name=MDKSA-2006:045 http://www.redhat.com/support/errata/RHSA-2005-685.html http://www.securityfocus.com/bid/13660 http://www.zataz.net/adviso/mysql-05172005.txt https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158688 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3 •

CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. El script mysqlaccess de MySQL 4.0.23 y anteriores, 4.1.x anteriores a 4.1.10, 5.0.x anteriores a 5.0.3, y otras versiones incluyendo 3.x permite a usuarios locales sobreescribir ficheros arbitrariamente o leer ficheros temporales mediante un enlace de enlaces simbólicos (symlink) en ficheros temporales. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 http://lists.mysql.com/internals/20600 http://marc.info/?l=bugtraq&m=110608297217224&w=2 http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html http://secunia.com/advisories/13867 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.debian.org/security/2005/dsa-647 http://www.mandriva.com/security/advisories?name=MDKSA-2005:036 http://www.securityfocus.com/bid/12277 https:&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 3

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. MySQL 4 anteriores a 4.0.21 y 3.x anteriores a 3.23.49 comprueban los derechos CREATE/INSERT de la tabla original en lugar de los de la tabla de destino en una operación ALTER TABLE RANAME, lo que podría permitir a atacantes realizar actividades no permitidas. • https://www.exploit-db.com/exploits/24669 http://bugs.mysql.com/bug.php?id=3270 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 http://lists.mysql.com/internals/13073 http://secunia.com/advisories/12783 http://securitytracker.com/id?1011606 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.ciac.org/ciac/bulletins/p-018.shtml http://www.debian.org/security/2004/dsa-562 http://www.gentoo.org/security/en/glsa/glsa-200 •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. • http://dev.mysql.com/doc/mysql/en/news-4-1-2.html http://marc.info/?l=bugtraq&m=108206802810402&w=2 http://secunia.com/advisories/11223 http://security.gentoo.org/glsa/glsa-200405-20.xml http://securitytracker.com/id?1009784 http://www.ciac.org/ciac/bulletins/p-018.shtml http://www.debian.org/security/2004/dsa-483 http://www.mandriva.com/security/advisories?name=MDKSA-2004:034 http://www.osvdb.org/6421 http://www.redhat.com/support/errata/RHSA-2004-5 •