CVE-2025-54584 GitProxy is vulnerable to a packfile parsing exploit

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...

WordPress Bellows Accordion Menu Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Bellows Accordion Menu Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5164 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 390a77233aee Credits István Márton...

K59904248: iControl SOAP vulnerability CVE-2022-29474

Security Advisory Description A directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. CVE-2022-29474 Impact An authenticated attacker with at least guest role privileges may...

KesionIMall存储xss

简要描述： 官方demo: http://imall.kesion.com/ 详细说明： demo 测试。 注册会员。 wooyuntest/123456 提交订单。 在地址出填写xss palyload。如图 然后到会员中心查看买到的商品。 xss触发。 漏洞证明：...

Wordpress 0.6/0.7 Blog.Header.PHP SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/8756/info Wordpress has been reported prone to multiple SQL injection vulnerabilities. The issues have been reported to exist in the blog.header.php script. A lack of sufficient sanitization performed on 'cat' and 'orderb...

Solaris 2.6/7.0/8 - &#039;netpr&#039; Local Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/1200/info A buffer overrun exists in the 'netpr' program, part of the SUNWpcu LP package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have been confirmed as being vulnerable. The overflow i...