Description
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin xili-language Multiple Unspecified Vulnerabilities (2.17.0)
WordPress Plugin pootle button Cross-Site Scripting (1.1.1)
Oracle Database Server CVE-2012-1708 Vulnerability (CVE-2012-1708)
WordPress Plugin Super Logos Showcase for WordPress Arbitrary File Upload (2.2)
Internet Information Services Other Vulnerability (CVE-2002-0075)