#git

### TL;DR This vulnerability affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites that only use fixed calls to the `snippet()` helper/`$kirby->snippet()` method (i.e. calls with a simple string for the snippet name) are *not* affected. ---- ### Introduction Kirby's `snippet()` helper and `$kirby->snippet()` method (in the following abbreviated to the `snippet()` helper) allow to load PHP snippet files that are normally stored in the `site/snippets` folder or registered by plugins through the `snippets` plugin extension. If the `snippet()` helper is called with an arbitrary snippet name, Kirby first checks if a file with this name exists in the snippets root (which defaults to `site/snippets`). This logic was vulnerable against path traversal attacks. By using special elements such as `..` and `/` separators, attackers can escape outside of the restric...

### TL;DR This vulnerability affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are *not* affected. ---- ### Introduction For use with PHP's built-in web server, Kirby provides a `router.php` file. The router delegates requests to static files to PHP so that assets and other static files in the document root can be accessed by the browser. This logic was vulnerable against path traversal attacks. By using special elements such as `..` and `/` separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the `../` sequence, which in most modern operating systems is interpreted as the parent directory of the current location. ### Impact The missing path traversal check allowed attackers to navigate all files on the server that were a...

### TL;DR This vulnerability affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method (i.e. calls with a simple string for the collection name) are *not* affected. ---- ### Introduction Kirby's `collection()` helper and `$kirby->collection()` method (in the following abbreviated to the `collection()` helper) allow to load PHP logic files that are normally stored in the `site/collections` folder or registered by plugins through the `collections` plugin extension. If the `collection()` helper is called with an arbitrary collection name, Kirby first checks if a file with this name exists in the collections root (which defaults to `site/collections`). This logic was vulnerable against path traversal attacks. By using special elements such as `..` and `/` separator...

A new extra-secure mode for Android 16 will let at-risk users lock their devices down.

Android’s “Scam Detection” protection in Google Messages will now be able to flag even more types of digital fraud.

Popular student engagement platform iClicker’s website was compromised with a ClickFix attack. A fake “I’m not a robot”…

### Summary Users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list <pathname>`. ### PoC As root: ``` # mkdir /tmp/foo # chmod a-rwx /tmp/foo # touch /tmp/foo/secret_file ``` As a user without any (or limited) sudo rights: ``` $ sudo --list /tmp/foo/nonexistent_file sudo-rs: '/tmp/foo/nonexistent_file': command not found $ $ sudo --list /tmp/foo/secret_file sudo-rs: Sorry, user eve may not run sudo on host. ``` I.e. the user can distinguish whether files exist. ### Related Original sudo (vulnerable version tested by us: 1.9.15p5) exhibited similar behaviour for files with the executable bit set. ### Impact Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. ### Credits This issue was identified by sudo-rs developer Ma...

Before a crackdown by Telegram, Xinbi Guarantee grew into one of the internet’s biggest markets for Chinese-speaking crypto scammers and money laundering. And all registered to a US address.

Roblox hit with class action over alleged secret tracking of kids’ data; lawsuit claims privacy law violations and…

Optimizing your online productivity is more important than ever. Whether you’re a business owner, freelancer, or simply someone…