12 matches found
Compromised tag of intercom-php published via GitHub
Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...
EUVD-2025-24449
Malicious code in bioql PyPI...
WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms. Type: Plugin. Vulnerable versions: <= 2.8.12. Fixed in: 2.8.13. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2024-47377. Patch priority: Low. CVSS severity: Low (5.9). PSID: 9418faef5fbf. Credits: SOPROBRO. Required privilege: Editor...
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...
OESA-2022-1606 golang security update
The Go Programming Language. Security Fixes: cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. CVE-2022-23773...
CVE-2022-23773
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...
UBUNTU-CVE-2022-23773
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...
MyBB 1.6.x / 1.8.x Tags Cross Site Scripting
CFMBLOG - 'categorynbr' Blind SQL Injection
-------------------------------AlpHaNiX---------------------------------- Found By : AlpHaNiX website : www.offensivetrack.org contact : AlpHaATHACKERDOTBZ script : CFMBLOG download : null Demo : http://www.cfmblog.com Exploits : --=BLIND SQL INJECTION=--...
Re: Microsoft Media Player ASX Parser buffer overflow vulnerability
I found yet another bof condition in the ASX VERSION tag: an .ASX file with the contents ASX VERSION="AAAAAAAAAAA ... AAAAAAA" crashes MPLAYER 6.4 in dxmasf.dll... greetz, ByteRage http://elf.box.sk/byterage REVELATION: HREF attribute of BANNER tag can be abused to smash our...
New Solaris root exploit for /usr/lib/lp/bin/netpr
Word on the street is that others have noticed this hole, so here goes. Have you noticed how many holes have been discovered in the printing system on Solaris? The netpr program is no exception. Included with this message are two exploits I wrote in 1999, one for SPARC versions of Solaris and the...