EUVD-2014-8189

Malware in sbrugna...

TikTok dances to the tune of $5.4m cookie fine

The big social media fines just keep coming. Hot on the heels of Meta experiencing a $277m fine from the Irish Data Protection Commission, its now TikToks turn in the spotlight thanks to a cookie crumble. Can you walk into a huge fine in 2023 for making it difficult to refuse a cookie as easily a...

TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws

Popular short-form video hosting service TikTok has been fined €5 million about $5.4 million by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok.co...

France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent

France's privacy watchdog has imposed a €60 million $63.88 million fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique...

French Electricity Provider Fined for Storing Users' Passwords with Weak MD5 Algorithm

The French data protection watchdog on Tuesday fined electricity provider Électricité de France EDF €600,000 for violating the European Union General Data Protection Regulation GDPR requirements. The Commission nationale de l'informatique et des libertés CNIL said the electric utility breached...

“Reject All” cookie consent button is coming to European Google Search and YouTube

Google will soon be giving European countries a "Reject All" button in the Search and YouTube cookie consent banner. This change, which was revealed by Googles Product Manager for Privacy, Safety & Security Sammit Adhya in a blog post, has already been rolled out in France and will be cascaded to...

France Rules That Using Google Analytics Violates GDPR Data Protection Law

French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation GDPR laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and...

Google and Facebook fined $240 million for making cookies hard to refuse

French privacy watchdog, the Commission Nationale de lInformatique et des Libertés CNIL, has hit Google with a 150 million euro fine and Facebook with a 60 million euro fine, because their websites—google.fr, youtube.com, and facebook.com—dont make refusing cookies as easy as accepting them. The...

France Fines Google, Facebook €210 Million Over Privacy Violating Tracking Cookies

The Commission nationale de l'informatique et des libertés CNIL, France's data protection watchdog, has slapped Facebook now Meta Platforms and Google with fines of €150 million $170 million and €60 million $68 million for violating E.U. privacy rules by failing to provide users with an easy opti...

Google Fined $57M in Largest GDPR Slap Yet

France’s National Data Protection Commission CNIL has fined Google $57 million €50 million for violations of the General Data Protection Regulation GDPR – the largest fine yet issued under the EU’s new data privacy law. In investigating group complaints from privacy advocacy groups None Of Your...

cnil.fr XSS vulnerability

Vulnerable URL: https://www.cnil.fr/fr/recherche/'%22%20autofocus%20onfocus=alert'OPENBUGBOUNTY'%20value=%22a Details: Description| Value ---|--- Patched:| Yes, at 27.09.2016 Latest check for patch:| 27.09.2016 15:56 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...

France warns Microsoft to Stop Collecting Windows 10 Users' Personal Data

We have heard a lot about privacy concerns surrounding Windows 10 and accusations on Microsoft of collecting too much data about users without their consent. Now, the French data protection authority has ordered Microsoft to stop it. France's National Data Protection Commission CNIL issued a form...

CVE-2014-8351

SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty aka CNIL CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in json.php in French National Commission on Informatics and Liberty aka CNIL CookieViz allows remote we servers to inject arbitrary web script or HTML via the maxdate parameter...

Sql injection

SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty aka CNIL CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter...

CVE-2014-8351

SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty aka CNIL CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter...

CVE-2014-8352

CVE-2014-8352 affects CNIL CookieViz: the json.php endpoint is vulnerable to cross-site scripting via the max_date parameter, allowing remote injection of arbitrary script/HTML. The NVD entry lists a MEDIUM base score (CVSS2: AV:N/AC:M/Au:N/C:N/I:P/A:N; base 4.3) with partial integrity impact and...

CVE-2014-8351

CVE-2014-8351 concerns CNIL CookieViz (info.php) prior to 1.0.1, where a SQL injection via the domain parameter allows remote servers to execute arbitrary SQL commands. The vulnerability affects CookieViz’s handling of input in info.php, enabling attacker-controlled SQL execution. Public referenc...

CNIL CookieViz Cross Site Scripting / SQL Injection Vulnerabilities

CNIL CookieViz suffers from cross site scripting and remote SQL injection vulnerabilities. CNIL CookieViz XSS + SQL injection leading to user pwnage Product link: https://github.com/LaboCNIL/CookieViz CVE references CVE-2014-8351, CVE-2014-8352 TL;DR ----- Since October 2014, the French National...

CNIL CookieViz Cross Site Scripting / SQL Injection

CNIL CookieViz XSS + SQL injection leading to user pwnage Product link: https://github.com/LaboCNIL/CookieViz CVE references CVE-2014-8351, CVE-2014-8352 TL;DR ----- Since October 2014, the French National Commission on Informatics and Liberty "CNIL" is performing some controls upon "tracing...