cve/CVE-2010-3682.md at 694ac234a19db48cd3b1f78eb5f461ab1f6c99f7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

POC

Reference

http://www.ubuntu.com/usn/USN-1017-1
https://bugzilla.redhat.com/show_bug.cgi?id=628328

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/DButter/whitehat_public
https://github.com/Dokukin1/Metasploitable
https://github.com/Iknowmyname/Nmap-Scans-M2
https://github.com/NikulinMS/13-01-hw
https://github.com/Zhivarev/13-01-hw
https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
https://github.com/tomwillfixit/alpine-cvecheck
https://github.com/zzzWTF/db-13-01

1.2 KiB Raw Blame History

CVE-2010-3682

Description

POC

Reference

Github

1.2 KiB

Raw Blame History