17 matches found
mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
CVE-2025-15451
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...
CVE-2025-15451
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...
CVE-2025-15451
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...
CVE-2025-15451 xnx3 wangmarket System Variables variableSave.do cross site scripting
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...
CVE-2025-15451
The CVE-2025-15451 affects xnx3 wangmarket up to v4.9, specifically the /admin/system/variableSave.do functionality where manipulating the Description parameter triggers cross-site scripting. Public exploit exists; attack may be remotely initiated; vendor did not respond to disclosure. Connected ...
CVE-2025-15451 xnx3 wangmarket System Variables variableSave.do cross site scripting
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...
PT-2026-1204
Name of the Vulnerable Software and Affected Versions xnx3 wangmarket versions up to 4.9 Description A security flaw exists in xnx3 wangmarket up to version 4.9, specifically within the System Variables Page functionality located at the '/admin/system/variableSave.do' file. Manipulation of the...
wangmarket 代码注入漏洞
wangmarket is a privatized deploy your own SAAS cloud builder system for xnx3 individual developers in China. A code injection vulnerability exists in wangmarket 4.9 and earlier versions, which stems from an incorrect manipulation of the Description parameter in the file...
CVE-2025-3905
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...
PT-2025-24630 · Schneider Electric · Modicon Controllers M241/M251 +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Cross-site Scripting issue exists, impacting system variables. This could allow an authenticated malicious user to inject unvalidated data, potentially modifying or reading data in a...
RLSA-2021:1242 Important: mariadb:10.3 and mariadb-devel:10.3 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.28, galera 25.3.32. Security Fixes: mariadb: writable system variables allows a database user with SUPER privilege ...
Important: Red Hat Security Advisory: mariadb security update
An update for mariadb is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
About Dedecms variable coverage exploits-vulnerability warning-the black bar safety net
Someone recently broke the dedecms variable coverage holes,it is also a quite interesting vulnerability, and in some cases dedecms this variable vulnerability to exist for so long in some people are many years,about six months ago I also independently discovered by 本文 [email protected] Write ...
Information Disclosure with Invision Board installation (fwd)
Message Index Thread Index Reply prev Msg by Date next Msg by Date To: BugTraq Subject: Information Disclosure with Invision Board installation fwd Date: Sep 24 2002 10:11PM Author: Gossi The Dog [email protected] Message-ID: [email protected] Since the vendor...