1174 matches found

ATTACKERKB
added 2023/11/07 11:15 p.m. · 1 view

CVE-2023-45380

In the module "Order Duplicator - Clone and Delete Existing Order" orderduplicate in version = 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from...

9.1 CVSS · 7.3 AI score · 0.00588 EPSS
Exploits 0 · References 2

OSV
added 2023/11/07 11:15 p.m. · 3 views

CVE-2023-45380

In the module "Order Duplicator - Clone and Delete Existing Order" orderduplicate in version = 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from...

8.8 CVSS · 5.8 AI score · 0.00588 EPSS
Exploits 0 · References 1

Prion
added 2023/11/07 11:15 p.m. · 12 views

Design/Logic Flaw

In the module "Order Duplicator - Clone and Delete Existing Order" orderduplicate in version = 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from...

6.5 CVSS · 6.8 AI score · 0.00588 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/11/07 12:0 a.m. · 2 views

PrestaShop Order Duplicator Security Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zoom and other features. A security vulnerability exists in PrestaShop Order Duplicator - Clone and Delete Existing Order...

9.1 CVSS · 6.9 AI score · 0.00588 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/11/07 12:0 a.m. · 2 views

PT-2023-29537 · Prestashop · Order Duplicator Module

Name of the Vulnerable Software and Affected Versions: Order Duplicator module for PrestaShop versions = 1.1.7 Description: The issue allows a guest to download personal information without restriction due to a lack of permissions control. This includes accessing data from the ps customer and ps...

9.1 CVSS · 6.7 AI score · 0.00588 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2023/11/02 10:15 p.m. · 3 views

CVE-2023-46352

In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" facebookconversiontrackingplus up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from...

7.5 CVSS · 5.7 AI score · 0.00475 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2023/10/25 6:17 p.m. · 3 views

CVE-2023-46346

In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in...

7.5 CVSS · 5.7 AI score · 0.00798 EPSS
Exploits 0 · References 2

OSV
added 2023/10/25 6:17 p.m. · 3 views

CVE-2023-46346

In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in...

7.5 CVSS · 5.7 AI score · 0.00798 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/10/24 12:0 a.m. · 2 views

PT-2023-29967 · Unknown · Product Catalog (Csv

Name of the Vulnerable Software and Affected Versions: Product Catalog CSV, Excel, XML Export PRO versions up to 4.1.1 Description: A path traversal attack can be performed by a guest to download personal information without restriction. This is due to a lack of permissions control and a lack of...

7.5 CVSS · 6.8 AI score · 0.00798 EPSS
Exploits 0 · References 4

OSV
added 2023/10/18 4:15 p.m. · 2 views

CVE-2023-45383

In the module "SoNice etiquetage" soniceetiquetage up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction...

7.5 CVSS · 5.8 AI score · 0.00583 EPSS
Exploits 0 · References 2

The Coalfire Blog
added 2023/10/17 8:13 p.m. · 27 views

The benefits of using the new Data Privacy Framework

After the Schrems II ruling by the Court of Justice of the European Union, legal cross-border transfers of personal data from the EU to the U.S. became a key issue for U.S. businesses. After years of negotiations with the EU, the EU and U.S. have developed and agreed upon an adequate system for...

6.9 AI score
Exploits 0

NVD
added 2023/10/04 12:15 p.m. · 12 views

CVE-2023-3037

Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter...

8.6 CVSS · 8.6 AI score · 0.00563 EPSS
Exploits 0 · References 1

OSV
added 2023/10/04 12:15 p.m. · 9 views

CVE-2023-3037

Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter...

8.6 CVSS · 7.4 AI score
Exploits 0 · References 1

Prion
added 2023/10/04 12:15 p.m. · 20 views

Authorization

Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter...

7.5 CVSS · 8.5 AI score · 0.00563 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/10/04 11:10 a.m. · 12 views

CVE-2023-3037 HelpDezk Community improper authorization

Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter...

8.6 CVSS · 8.8 AI score · 0.00563 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/10/04 11:10 a.m. · 13 views

CVE-2023-3037 HelpDezk Community improper authorization

Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter...

8.6 CVSS · 7.4 AI score · 0.00563 EPSS
Exploits 0 · References 1

CNNVD
added 2023/10/04 12:0 a.m. · 3 views

HelpDezk Security Breach

HelpDezk is a powerful software from HelpDezk Inc. for managing requests/events. A security vulnerability exists in HelpDezk version 1.1.10, which originated from a vulnerability that allows remote attackers to access the platform without authentication and retrieve personal data via jsonGrid...

8.6 CVSS · 7 AI score · 0.00563 EPSS
Exploits 0 · References 2

Malwarebytes
added 2023/09/14 2:0 a.m. · 18 views

Watch out, this LastPass email with "Important information about your account" is a phish

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the "unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are havin...

7 AI score
Exploits 0

OSV
added 2023/09/13 4:15 p.m. · 2 views

CVE-2023-4828

An improper check for an exceptional condition in the Insider Threat Management ITM Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure...

4.2 CVSS · 5.8 AI score · 0.00298 EPSS
Exploits 0 · References 2

The Hacker News
added 2023/08/14 5:20 a.m. · 29 views

India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First

The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill DPDPB after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of...

6.3 AI score
Exploits 0