Description
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
Remediation
References