PT-2024-19008 · Pimcore · Pimcore Customer Management Framework
Name of the Vulnerable Software and Affected Versions: Pimcore Customer Management Framework versions prior to 4.0.6. Description: The issue allows an authenticated and unauthorized user to access the list of potential duplicate users and see their data. This occurs because permissions are not...
How to Be More Anonymous Online
Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules...
How to Protect Your Privacy Online
Decoding the Complexities of Digital Personhood and Its Private Aspects: Elemental Groundwork. As we stride through this tech-propelled age, concerns related to internet-bound privacy have risen as pressing hurdles for all cyber inhabitants around the planet. Considering the ever-broadening spectr...
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic. "The Orange account in the IP network coordination center RIP...
A week in security (December 18 – December 24)
Last week on Malwarebytes Labs: Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed How does ThreatDown Vulnerability Assessment and Patch Management work? How Outlook notification sounds can lead to zero-click exploits Update Chrome now! Emergency update patches...
Mr. Cooper leaks personal data of 14 million loan and mortgage customers
A major mortgage and loan company based in Dallas, working under the name Mr. Cooper Group Inc., has released more information on a recent breach. In a data breach notification, the company didn't say what type of cyberattack caused the compromise of customer data, calling it a rather non-descripti...
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator
Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. "The cyberattack on Ukraine's Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics...
CVE-2023-46354
In the module "Orders CSV, Excel Export PRO" ordersexport 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information fro...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop Orders CSV, Excel Export PRO prior to version 5.2.0. The vulnerability...
PT-2023-29974 · Prestashop · Orders (Csv
Name of the Vulnerable Software and Affected Versions: Orders CSV, Excel Export PRO module for PrestaShop versions prior to 5.2.0. Description: The issue allows a guest to download personal information without restriction due to a lack of permissions control. This can lead to a leak of personal...
Information Disclosure
oro/crm-call-bundle is vulnerable to Information Disclosure. The vulnerability allows back-office users to bypass access control (ACL) restrictions and gain unauthorized access to sensitive information, such as customer call logs and personal data...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop CSV feeds Pro versions prior to 2.6.1. The vulnerability stems fr...
PT-2023-29975 · Prestashop +1 · Bl Modules Csvfeeds Module +1
Name of the Vulnerable Software and Affected Versions: Bl Modules csvfeeds module for PrestaShop versions prior to 2.6.1. Description: The issue allows a guest to download personal information without restriction due to too permissive access control. This lack of control does not force the...
CVE-2023-45382
In the module "SoNice Retour" soniceretour up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a gues...
PT-2023-29539 · Unknown · Sonice Retour +1
Name of the Vulnerable Software and Affected Versions: SoNice Retour module for PrestaShop versions up to 2.1.0. Description: The issue allows a guest to download personal information without restriction by performing a path traversal attack. This is due to a lack of permissions control and a lack...
PrestaShop Path Traversal Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image scaling. A path traversal vulnerability exists in PrestaShop SoNice Retour 2.1.0 and earlier versions, which stems from a lack...
Arbitrary file deletion
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller use...
CVE-2023-47114
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...