4 results (0.011 seconds)

CVSS: 7.1EPSS: 4%CPEs: 10EXPL: 1

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. MySQL Community Server versiones 5.0.x anteriores a 5.0.51, Enterprise Server versiones 5.0.x anteriores a 5.0.52, Server versiones 5.1.x anteriores a 5.1.23 y Server versiones 6.0.x anteriores a 6.0.4, cuando una tabla se basa en symlinks creados por medio de las opciones explícitas DATA DIRECTORY e INDEX DIRECTORY, permite a los usuarios remotos autenticados sobrescribir la información de la tabla del sistema y alcanzar privilegios por medio de una sentencia RENAME TABLE que cambia el symlink para que apunte hacia un archivo existente. • http://bugs.mysql.com/32111 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html http://forums.mysql.com/read.php?3%2C186931%2C186931 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.mysql.com/announce/495 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htm • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 83%CPEs: 1EXPL: 0

MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. MySQL Community Server anterior a 5.0.45 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante un paquete de contraseña mal formado en el protocolo de control. • http://bugs.mysql.com/bug.php?id=28984 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html http://lists.mysql.com/announce/470 http://osvdb.org/36732 http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/26498 http://secunia.com/advisories/26621 http://secunia.com/advisories/26710 http:/ • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. MySQL Community Server anterior al 5.0.45 no requiere privilegios como el SELECT para la tabla de origen en la sentencia CREATE TABLE LIKE, lo que permite a usuarios remotos autenticados la obtención de información sensible como la estructura de la tabla. • http://bugs.mysql.com/bug.php?id=25578 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html http://lists.mysql.com/announce/470 http://osvdb.org/37783 http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/26498 http://secunia.com/advisories/26987 http://secunia.com/advisories/28040 http://secunia.com/advisories/28108 http://secunia.com/advisories/28128 http:& •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. MySQL Community Server anterior a 5.0.45 permite a usuarios autenticados remotamente obtener privilegios de actualización (update) para una tabla en otra base de datos mediante una vista que se refiere a esta tabla externa. • http://bugs.mysql.com/bug.php?id=27878 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html http://lists.mysql.com/announce/470 http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/26710 http://secunia.com/advisories/26987 http://secunia.com/advisories/27155 http://secunia.com/advisories/27823 http://secunia.com/advisories/30351 http://securitytracker.com/id?101 • CWE-264: Permissions, Privileges, and Access Controls •