h1-ctf: [H1-2006 2020] The Story of Making Bounty Hunters Happy

Disclaimer: I will try to make this post a fun read, given that whoever triagges will be probably going through similar write-ups again and again. The beginning: Being away from HackerOne over a month had made me rusty. Although the call to arms for Mr. Mickos and the community could not be left...

h1-ctf: [H1-2006 2020] CTF Writeup!

The Beginning ===================== The scope of the H1-2006 CTF was .bountypay.h1ctf.com. After opening https://bountypay.h1ctf.com, I noticed that on the top left of the screen there was a dropdown with two login pages: one for Customers https://app.bountypay.h1ctf.com/ and one for Staff...

CVE-2020-5239

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All...

Open redirect

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All...

CVE-2020-5239 Unspecified vulnerability in the fetchmail script in Mailu

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All...

CVE-2020-5239

CVE-2020-5239 affects Mailu before version 1.7. An authenticated user can exploit a vulnerability in the Mailu fetchmail script to gain full access to a Mailu instance; Mailu servers with open registration or untrusted users are most impacted. The master and 1.7 branches are patched in the Mailu ...

MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)

MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...

CVE-2013-4582

The 1 createbranch, 2 createtag, 3 importproject, and 4 forkproject functions in lib/gitlabprojects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local file...

CVE-2013-4582

CVE-2013-4582 affects GitLab: the functions create_branch, create_tag, import_project, and fork_project in lib/gitlab_projects.rb allow remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. Affected are GitLab 5.0 up to 5.4...

CVE-2013-4582

Removed by vendor...

Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages

Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present,...

Nord Security: Potential leak of server side software at repogohi.nordvpn.com

Summary: I found a public Git Repository at https://repogohi.nordvpn.com/. It looks like the software components in this repository are part of the VPN Servers. So I'm afraid there's a certain risk. The following packages are among others publicly available: openvpn-xor2.4.5-stretch1nordamd64.deb...

atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository

It was found that OpenShift Container Platform does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output...

Important: Red Hat Security Advisory: OpenShift Container Platform 3.9 atomic-openshift security update

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository

It was found that OpenShift Container Platform does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output...

BlockDev Sp. Z o.o: .git file accessible

Hi, Your .git file accessible. Thats information disclosure. URL: https://blog.makerdao.com/wp-content/themes/makerDAO/.git/config REQUEST: GET /wp-content/themes/makerDAO/.git/config HTTP/1.1 Host: blog.makerdao.com Accept:...

Arbitrary File Reads And Writes

github.com/b3log/wide is vulnerable to many arbitrary file read and write attacks. The attacker can launch three types of attacks: 1 writing arbitrary code in the editor and running three times for read access to arbitrary files. 2 creating a symlink for a ZIP archive to trigger an arbirary file...

CVE-2019-13915

b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. ...

CVE-2019-13915

b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. ...

Design/Logic Flaw

b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. ...