CVE-2012-1696
https://notcve.org/view.php?id=CVE-2012-1696
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad no especificada en el componente de servidor MySQL en Oracle MySQL v5.5.19 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con el Optimizador de servidor. • http://secunia.com/advisories/48890 http://secunia.com/advisories/49179 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securityfocus.com/bid/53071 http://www.securitytracker.com/id?1026934 •
CVE-2007-6313
https://notcve.org/view.php?id=CVE-2007-6313
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. MySQL Server 5.1.x antes de 5.1.23 y 6.0.x antes de 6.0.4 no comprueba los privilegios de entidad ejecutando BINLOG, lo que permite a usuarios autorizados remotamente ejecutar sentencias BINLOG de su elección. • http://bugs.mysql.com/31611 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html http://osvdb.org/43179 http://www.securitytracker.com/id?1019083 http://www.vupen.com/english/advisories/2008/0560/references • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-5969 – mysql: possible system table information overwrite using symlinks
https://notcve.org/view.php?id=CVE-2007-5969
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. MySQL Community Server versiones 5.0.x anteriores a 5.0.51, Enterprise Server versiones 5.0.x anteriores a 5.0.52, Server versiones 5.1.x anteriores a 5.1.23 y Server versiones 6.0.x anteriores a 6.0.4, cuando una tabla se basa en symlinks creados por medio de las opciones explícitas DATA DIRECTORY e INDEX DIRECTORY, permite a los usuarios remotos autenticados sobrescribir la información de la tabla del sistema y alcanzar privilegios por medio de una sentencia RENAME TABLE que cambia el symlink para que apunte hacia un archivo existente. • http://bugs.mysql.com/32111 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html http://forums.mysql.com/read.php?3%2C186931%2C186931 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.mysql.com/announce/495 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htm • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-3780 – mysql malformed password crasher
https://notcve.org/view.php?id=CVE-2007-3780
MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. MySQL Community Server anterior a 5.0.45 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante un paquete de contraseña mal formado en el protocolo de control. • http://bugs.mysql.com/bug.php?id=28984 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html http://lists.mysql.com/announce/470 http://osvdb.org/36732 http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/26498 http://secunia.com/advisories/26621 http://secunia.com/advisories/26710 http:/ • CWE-20: Improper Input Validation •
CVE-2007-3781 – New release of MySQL fixes security bugs
https://notcve.org/view.php?id=CVE-2007-3781
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. MySQL Community Server anterior al 5.0.45 no requiere privilegios como el SELECT para la tabla de origen en la sentencia CREATE TABLE LIKE, lo que permite a usuarios remotos autenticados la obtención de información sensible como la estructura de la tabla. • http://bugs.mysql.com/bug.php?id=25578 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html http://lists.mysql.com/announce/470 http://osvdb.org/37783 http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/26498 http://secunia.com/advisories/26987 http://secunia.com/advisories/28040 http://secunia.com/advisories/28108 http://secunia.com/advisories/28128 http:& •