#php

In [v1.5](https://github.com/PrivateBin/PrivateBin/blob/master/CHANGELOG.md#15-2022-12-11) we introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. Neither the confidentially of existing pastes on the server nor the configuration options including the YOURLs token are affected. ### Impact This issue only affects non-standard configurations of PrivateBin. Instances are affected if all of the following conditions are met: 1. The PrivateBin instance enables URL shortening. 2. A YOURLs URL shortener is used and it is configured not to be public and require a...

Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments.

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint, and the attack

WordPress Poll plugin version 2.3.6 suffers from a remote SQL injection vulnerability.

ResidenceCMS versions 2.10.1 and below suffer from a persistent cross site scripting vulnerability.

PMS 2024 version 1.0 suffers from a remote SQL injection vulnerability.

Simple Online Banking System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

WordPress Video Gallery - YouTube Gallery And Vimeo Gallery version 2.3.6 suffers from a remote SQL injection vulnerability.

Cinema Booking System version 1.0 suffers from remote SQL injection and cross site request forgery vulnerabilities.

Ubuntu Security Notice 6876-1 - It was discovered that Kopano Core allowed out-of-bounds access. An attacker could use this issue to expose private information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Kopano Core allowed possible authentication with expired passwords. An attacker could use this issue to bypass authentication.