136 matches found
PT-2022-28062 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions 1.0 through 1.1.0 fp newsletter extension version 1.2.0 fp newsletter extension versions 2.0 through 2.1.1 fp newsletter extension versions 2.2.1 through 2.4.0 fp newsletter extension versions 3.0 through 3.2....
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fpnewsletter, which stems from the fact that data about its subscribers can be obtained via the createAction operation...
PT-2022-28061 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions prior to 1.1.1 fp newsletter extension version 1.2.0 fp newsletter extension versions 2.x prior to 2.1.2 fp newsletter extension versions 2.2.1 through 2.4.0 fp newsletter extension versions 3.x prior to 3.2.6...
CVE-2022-47411
The CVE-2022-47411 flaw affects the TYPO3 fp_newsletter extension and allows exposure of subscriber data via unsubscribeAction. Affected versions include 1.0–1.1.0, 1.2.0, 2.0–2.1.1, 2.2.1–2.4.0, and 3.0–3.2.5. Remediation paths per PT-Security: upgrade to 1.1.1 (or later) for 1.x; to 2.1.2 (or l...
CVE-2022-47410
The CVE-2022-47410 entry affects the TYPO3 fp_newsletter (Newsletter subscriber management) extension. The reported issue is that data about subscribers may be obtained via createAction operations, with vulnerable versions including before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1–2.4.0, and 3.x befo...
HBO sued for sharing subscriber data with Facebook
HBO Max subscribers Angel McDaniel and Constance Simon filed a class-action lawsuit against HBO on Tuesday, alleging that the company has violated their privacy by sharing subscriber viewing data with Facebook. Bursor & Fisher filed the case on behalf of McDaniel and Simon. According to case...
The Telegraph newspaper exposed 10TB of subscriber data
By Deeba Ahmed The data was exposed due to an unprotected Elasticsearch cluster and remained open to public access without any security authentication. This is a post from HackRead.com Read the original post: The Telegraph newspaper exposed 10TB of subscriber data...
Information Disclosure
directmailteam/direct-mail is vulnerable to information disclosure. The extension fails to check if an authenticated backend user has access to pages with newsletter subscriber data when using the "Special query" feature...
GHSA-QWMJ-72MP-Q3M2 Missing Authorization in TYPO3 extension
The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...
TYPO3 Direct Mail Component Information Disclosure Vulnerability (CNVD-2020-28942)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security vulnerability exists in the Direct Mail component of TYPO3 5.2.3 and prior versions, which originates from the program's inability to check whether an authenticated back-end user...
CVE-2020-12700
The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...
CVE-2020-12700
The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...
Information disclosure
The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...
CVE-2020-12700
The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...
The vulnerability in the web interface of the Graphite software for managing policies, billing, and managing subscriber data in the Cisco Policy Suite for Mobile allows a perpetrator to gain access to protected data.
The vulnerability in the web interface of the Graphite software for managing policies, billing, and managing subscriber data in the Cisco Policy Suite for Mobile is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to protected...
Microsoft Disclosed User Content in 10% of U.S. Law Enforcement Requests
Microsoft supplied user content in response to 10.8 percent of the law enforcement requests it received from United States agencies in the second half of 2013. The company got more than 5,600 requests from U.S. agencies in the last six months of the year, and in the vast majority of those–68...