Page 81 of 412 results (0.018 seconds)

CVSS: 6.5EPSS: 94%CPEs: 47EXPL: 2

CVE-2012-5611 – MySQL (Linux) - Stack Buffer Overrun (PoC)

https://notcve.org/view.php?id=CVE-2012-5611

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. Desbordamiento de búfer basado en pila en MySQL v5.5.19, v5.1.53, y posiblemente otras versiones, y MariaDB v5.5.2.x antes de v5.5.28a, v5.3.x antes de v5.3.11, v5.2.x antes de v5.2.13 y v5.1.x antes de v5.1.66, permite a usuarios autenticados remotamente ejecutar código de su elección a través de un argumento largo en el comando GRANT FILE. • https://www.exploit-db.com/exploits/23075 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html http://lists • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 4.0EPSS: 0%CPEs: 15EXPL: 0

CVE-2012-0574 – mysql: unspecified DoS vulnerability related to Server (CPU Jan 2013)

https://notcve.org/view.php?id=CVE-2012-0574

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos. • http://marc.info/?l=bugtraq&m=135109152819176&w=2 http://rhn.redhat.com/errata/RHSA-2013-0219.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266 https://access.redhat.com •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2012-5383 – IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) - Missing DLL

https://notcve.org/view.php?id=CVE-2012-5383

Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation ** DISPUTADA** Vulnerabilidad de path de búsqueda no confiable en Oracle MySQL 5.5.28, cuando está instalada en el directorio C:\, podría permitir a usuarios locales obetner privilegios a través de un fichero DLL troyanizado en el directorio "C:\MySQL\MySQL Server 5.5\bin", el cual puede ser añadido a la variable de entorno PATH por un adminsitrador, como se demostró con el fichero wlbsctrl.dll troyanizado usado en el servicio de sistema "IKE and AuthIP IPsec Keying Modules" en Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, y Windows 8 Release Preview. NOTA: CVE disputa esta vulnerabilidad debida a un problema con PATH, que es un problema administrativo, y no es una parte por defecto de la instalación de MySQL • https://www.exploit-db.com/exploits/28130 http://osvdb.org/86175 https://www.htbridge.com/advisory/HTB23108 •

CVSS: 7.5EPSS: 96%CPEs: 61EXPL: 8

CVE-2012-2122 – MySQL - Authentication Bypass

https://notcve.org/view.php?id=CVE-2012-2122

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. sql/password.c en Oracle MySQL 5.1.x anterior a 5.1.63, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.6, y MariaDB 5.1.x anterior a 5.1.62, 5.2.x anterior a 5.2.12, 5.3.x anterior a 5.3.6, y 5.5.x anterior a 5.5.23, cuando se ejecuta en determinados entornos con determinadas implementaciones de la función memcmp, permite que atacantes remotos eviten la autenticación utilizando repetidamente la misma contraseña incorrecta, lo que eventualmente provoca una comparación de token con resultado de éxito en una variable de retorno no validada • https://www.exploit-db.com/exploits/19092 https://github.com/zhangkaibin0921/CVE-2012-2122 https://github.com/Avinza/CVE-2012-2122-scanner https://github.com/cyberharsh/Oracle-mysql-CVE-2012-2122 http://bugs.mysql.com/bug.php?id=64884 http://kb.askmonty.org/en/mariadb-5162-release-notes http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html http://seclists.org/oss-sec/2012/q2/493 http://secunia.com/advisories/49417 http://secunia.com/advisories/53372 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •

CVSS: 5.0EPSS: 1%CPEs: 104EXPL: 0

CVE-2011-2262 – mysql: Unspecified vulnerability allows remote attackers to affect availability

https://notcve.org/view.php?id=CVE-2011-2262

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente MySQL Server de Oracle MySQL v5.1.x y v5.5.x permite a atacantes remotos afectar a la disponibilidad de los datos a través de vectores desconocidos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687 http://secunia.com/advisories/48250 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.debian.org/security/2012/dsa-2429 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html http://www.ubuntu.com/usn/USN-1397-1 https://access.redhat.com/security/cve/CVE-2011-2262 https://bugzilla.redhat.com/show_bug.cgi?id=783793 •