MySQL 5.0
MySQL (tested: Version 5.0.45 on CentOS (Linux)) Format String Vulnerability
MySQL General Available (GA) Release is vulnerable.
Latest MySQL Version is not vulnerable since the bug is ifdef'ed off.
from mysql-5.0.75 source (mysql-5.0.75.tar.gz) in the file
libmysqld/sql_parse.cc
this source code is also included in mysql-4.0.0, mysql versions >=
4.0.0 are affected.
function prototype: write(THD *thd, enum enum_server_command command,
Hello,
CVE-2005-2573 is reported for MySQL 4.1.x before 4.1.13 and MySQL 5.0
before 5.0.7. However, I tested this vulnerability in MySQL 5.0.51a on
Windows XP SP2, and found this version vulnerable too.
According to CVE-2008-4098, that is reported because of an incomplete fix for CVE-2008-4097, I think this vulnerability should be reported again for an incomplete fix.
I tested CVE-2005-2573 in MySQL 5.0.51a and Windows XP again and found this vulnerability isn't fixed. Here are my steps for executing this vulnerability.
===========================================================
Ubuntu Security Notice USN-528-1 October 11, 2007
mysql-dfsg-5.0 vulnerabilities
CVE-2007-2583, CVE-2007-2691, CVE-2007-3780, CVE-2007-3782
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
===========================================================
Ubuntu Security Notice USN-897-1 February 10, 2010
mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446,
CVE-2009-4019, CVE-2009-4030, CVE-2009-4484
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
> Platform: unix
> Bug: safemode & open_basedir bypass
> ======
> 2) Bug
> ======
> various mysql functions safemode & open_basedir bypass
> ( LOAD_FILE , INTO DUMPFILE , INTO OUTFILE )
Not a PHP *bug*, so much as yet another reason why "safe mode" and
"open_basedir" are fundamentally wrong ideas (and are being
terminated, with prejudice, in future PHP development). Users (and
Mandriva Linux Security Advisory MDVSA-2009:094
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : April 22, 2009
Affected: 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
This security advisory identifies the following vulnerabilities:
* ACE Device Manager and ANM invalid directory permissions
vulnerability
* ANM default user credentials vulnerability
* ANM MySQL default credentials vulnerability
* ANM Java agent privilege escalation
Cisco has released free software updates that address these
vulnerabilities. A workaround that mitigates one of the issues is
available.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: MySQL: Multiple vulnerabilities
Date: April 06, 2008
Bugs: #201669
ID: 200804-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mandriva Linux Security Advisory MDVSA-2009:326
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : December 7, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2010:012
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : January 17, 2010
Affected: 2009.1, 2010.0
_______________________________________________________________________
Problem Description:
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TorrentTrader is a feature packed and highly customisable PHP/MySQL Based
BitTorrent tracker. Featuring integrated forums and plenty of administration
options. Please visit www.torrenttrader.org for the support forums.
http://sourceforge.net/projects/torrenttrader
Mandriva Linux Security Advisory MDVSA-2010:011
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : January 17, 2010
Affected: 2008.0, 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
http://localhost/mybb.1.2.10/moderation.php?fid=2&action=do_mergeposts
&mergepost[war]=1&mergepost[axe]=2
... and we can see sql error message:
MySQL error: 1054
Unknown column 'war' in 'where clause'
Query: SELECT p.pid, p.uid, p.fid, p.tid, p.visible, p.message, f.usepostcounts
FROM mybb_posts p LEFT JOIN mybb_forums f ON (f.fid=p.fid)
WHERE p.tid='0' AND p.pid IN(war,axe) ORDER BY dateline ASC
Mandriva Linux Security Advisory MDVSA-2008:028
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : January 29, 2008
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
. "(sess_id = '$sessid') AND (start_time > $mintime) AND (remote_ip = '$remote_ip')";
}
...
compares the supplied sessid value with the "sessid" value from sessions table which is an integer.
MySQL, like PHP, in comparing them, only considers the first integer values of the supplied string.
So the function returns a valid userid and, if you know an existent sessid in table, you can inject
queries in cookies, like this:
Cookie: glf_session=12345678 [SQL HERE]; glfusion=9999999999;
####################
SphereCMS is a CMS which allows managing forums, archive posts, chat-like
posts (named shoutbox), friends in the site and personal profiles. It has
one theme, but a beautiful one.
It uses MySQL as its backend DBMS and is written in PHP language.
####################
- Vulnerability:
####################
Debian Security Advisory DSA-1413-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
November 26, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mysql-dfsg, mysql-dfsg-5.0, mysql-dfsg-4.1
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-2583, CVE-2007-2691, CVE-2007-2692
CVE-2007-3780, CVE-2007-3782, CVE-2007-5925
Debian Security Advisory DSA-2057-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
June 07, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mysql-dfsg-5.0
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850
$concat = $notin?' AND ':' OR ';
$glue = $string?"','":',';
switch($DB['TYPE']) {
case 'SQLITE3':
case 'MYSQL':
case 'POSTGRESQL':
case 'ORACLE':
default:
$items = array_chunk($array, 950);
foreach($items as $id => $values){
dcarey@drewcarey.com [~/public_html]# GET localhost/~dcarey/vuln
<?php
/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information by
* visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: MySQL: Privilege bypass
Date: September 04, 2008
Bugs: #220399
ID: 200809-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mandriva Linux Security Advisory MDVSA-2010:093
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : May 7, 2010
Affected: 2009.1, 2010.0
_______________________________________________________________________
Problem Description:
===========================================================
Ubuntu Security Notice USN-950-1 June 09, 2010
mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
CVE-2010-1621, CVE-2010-1626, CVE-2010-1848, CVE-2010-1849,
CVE-2010-1850
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Hi Thomas,
This bug was fixed in a MySQL release dated 01 May 2008. It is now 01
Oct 2008 - 5 months after the bug was released. So why exactly is this
news? Did I miss something here?
--
http://blog.hiltontravis.com/
===========================================================
Ubuntu Security Notice USN-588-2 April 02, 2008
mysql-dfsg-5.0 regression
https://launchpad.net/bugs/209699
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
https://127.0.0.1:10000/virtual-server/link.cgi/67.228.198.99/http://www.virtualmin.com/
#4 Information disclosure
It's possible to view and/or copy any file on the server due to system() call
in mysql module, which copies any file specified by the user
to Virtualmin temporary dir. Note it's a time based attack as the copied file
is almost immediately removed after creation.
#5 Information disclosure
Debian Security Advisory DSA-1783 security@debian.org
http://www.debian.org/security/ Devin Carraway
April 29, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mysql-dfsg-5.0
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-3963 CVE-2008-4456
Debian Bug : 498362
===========================================================
Ubuntu Security Notice USN-671-1 November 17, 2008
mysql-dfsg-5.0 vulnerabilities
CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
===========================================================
Ubuntu Security Notice USN-588-1 March 19, 2008
mysql-dfsg-5.0 vulnerabilities
CVE-2006-7232, CVE-2007-2692, CVE-2007-6303, CVE-2008-0226,
CVE-2008-0227
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS