SUSE CVE-2024-56731

Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instanc...

CVE-2021-23263

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/, /templates/ and some of the files in /.git/ non-binary...

Apache FreeMarker 安全漏洞

Apache FreeMarker is a Java-based template engine from the Apache Foundation, initially focused on generating dynamic web pages using the MVC software architecture. A security vulnerability exists in Apache FreeMarker, which can be exploited by an attacker to read textual content via FreeMarker,...

h1-ctf: [H1-2006 2020] Exploiting multiple vulnerabilities to get hacker's payment ensured

Last week, Hackerone’s CEO Marten lost his credentials for BountyPay. A tweet from hackerone’s official twitter account asked for help from ethical hackers and bounty hunters to help the CEO recover his credentials and insure May’s payments. As an active bug hunter on Hackerone, I decided to take...