Lucene search

23 matches found

OSV
added 6 days ago · 4 views

BIT-CASSANDRA-2026-47846 Default superuser cassandra:cassandra left active when CASSANDRA_USER is customized

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...

CVSS 9.8 · AI score 5.5 · EPSS 0.00338
Exploits 0 · References 1
AstraLinux
added 2026/05/08 9:9 a.m. · 11 views

Astra Linux – Vulnerability in inetutils

In GNU inetutils, the telnet utility in version 2.7 allows servers to read arbitrary environment variables from clients using the NEWENVIRON SENDUSERVAR function...

CVSS 4.7 · AI score 6 · EPSS 0.00187
Exploits 1 · References 3
RedhatCVE
added 2026/03/26 3:18 p.m. · 2 views

CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

CVSS 3.4 · AI score 5.9 · EPSS 0.00187
Exploits 1 · References 1
EUVD
added 2026/03/16 3:30 p.m. · 4 views

EUVD-2026-12154

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

CVSS 3.4 · AI score 5.9 · EPSS 0.00187
Exploits 1 · References 2
Debian CVE
added 2026/03/13 9:1 p.m. · 4 views

CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

CVSS 4.7 · AI score 5.4 · EPSS 0.00187
Exploits 1
GithubExploit
added 2026/01/23 3:16 a.m. · 161 views

Exploit for CVE-2026-24061

CVE-2026-24061 Vulnerability Detection Tool ⚠️ Note: C...

CVSS 9.8 · AI score 7.4 · EPSS 0.98871
Exploits 60
Tenable Nessus
added 2025/10/17 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-61789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom...

CVSS 6.5 · AI score 5.8 · EPSS 0.00331
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2000-0613

Malware in sbrugna...

CVSS 4.6 · AI score 6.4 · EPSS 0.0072
Exploits 0 · References 2
ATTACKERKB
added 2025/02/14 2:15 p.m. · 5 views

CVE-2024-12651

Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...

CVSS 8.5 · AI score 5.8 · EPSS 0.00343
Exploits 0 · References 3
Positive Technologies
added 2024/12/18 12:0 a.m. · 4 views

PT-2024-36529 · Unknown · Winmail Server

Name of the Vulnerable Software and Affected Versions: Winmail Server version 4.4. Description: The issue concerns a Cross Site Scripting (XSS) vulnerability. It involves the f user variable and a specific payload %22%3E%3Csvg%20onload. This type of attack can allow an attacker to inject malicious...

CVSS 6.1 · AI score 6.2 · EPSS 0.00273
Exploits 1 · References 6
Vulnrichment
added 2023/05/30 4:31 a.m. · 12 views

CVE-2023-33175 ToUI allows user-specific variables to be shared between users

ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use Website.uservars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...

CVSS 9.1 · AI score 6.7 · EPSS 0.00651
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 5:56 a.m. · 4 views

SUSE CVE-2010-3835

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

CVSS 4 · AI score 6.5 · EPSS 0.03391
Exploits 0 · References 4
Prion
added 2017/04/12 10:59 p.m. · 16 views

Remote code execution

An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable...

CVSS 7.5 · AI score 9.6 · EPSS 0.06179
Exploits 1 · References 1 · Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m. · 26 views

InTouch 0.5.1 Alpha User Variable SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16110/info inTouch is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could resu...

AI score 7.1
Exploits 0
Nmap
added 2011/08/23 6:29 a.m. · 738 views

http-joomla-brute NSE Script

Performs brute force password auditing against Joomla web CMS installations. This script initially reads the session cookie and parses the security token to perform the brute force password auditing. It uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are...

CVSS 10 · AI score 0.2 · EPSS 0.99448
Exploits 33
RedHat Linux
added 2011/01/18 6:38 p.m. · 3 views

MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

CVSS 4 · AI score 5.8 · EPSS 0.03391
Exploits 0 · References 4
Prion
added 2011/01/14 7:2 p.m. · 17 views

Code injection

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

CVSS 4 · AI score 6.3 · EPSS 0.03391
Exploits 0 · References 21 · Affected Software 1
Cvelist
added 2011/01/14 6:0 p.m. · 25 views

CVE-2010-3835

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

AI score 5.3 · EPSS 0.03391
Exploits 0 · References 21
Debian
added 2011/01/14 9:7 a.m. · 37 views

[SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities

Debian Security Advisory DSA-2143-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano January 14, 2011 http://www.debian.org/security/faq -...

CVSS 5 · AI score 7 · EPSS 0.12229
Exploits 4
Tenable Nessus
added 2010/11/10 12:0 a.m. · 41 views

Mandriva Linux Security Advisory : mysql (MDVSA-2010:222)

Multiple vulnerabilities were discovered and corrected in mysql: - Joins involving a table with a unique SET column could cause a server crash (CVE-2010-3677). - Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash (CVE-2010-3680). - The server could crash if there we...

CVSS 5 · AI score 5.5 · EPSS 0.12229
Exploits 4 · References 25