The remote database server is affected by multiple vulnerabilities.
1. Evaluation of an 'IN()' predicate with a decimal-valued argument causes a service crash.
2. A user can rename a table even though he does not have DROP privileges.
3. If a stored routine is declared as 'SQL SECURITY INVOKER', a user may be able to gain privileges by invoking that routine.
4. A user with only ALTER privileges on a partitioned table can discover information about the table that should require SELECT privileges.
- Upgrade to MySQL version 5.1.18 or later.
- WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4)
- WordPress Plugin Google Maps in Posts Cross-Site Scripting (1.5.3)
- WordPress Plugin YITH Maintenance Mode Cross-Site Scripting (1.1.4)
- WordPress Plugin Pretty Link Lite Multiple Cross-Site Scripting Vulnerabilities (1.4.56)
- WordPress Plugin Processing Embed 'pluginurl' Parameter Cross-Site Scripting (0.5)