14 matches found
EUVD-2023-34625
Malicious code in bioql PyPI...
EUVD-2023-50572
Malicious code in bioql PyPI...
CVE-2024-36682
In the module "Theme settings" pkthemesettings = 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead t...
CVE-2023-46352
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" facebookconversiontrackingplus up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from...
5 million payment card details stolen in painful reminder to monitor Christmas spending
Another day, another exposed S3 bucket. This time, 5 million US credit cards and personal details were leaked online. The Leakd.com security team discovered that 5 terabytes of sensitive screenshots were exposed in a freely accessible Amazon S3 bucket. An S3 bucket is like a virtual file folder i...
Design/Logic Flaw
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" facebookconversiontrackingplus up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from...
CVE-2023-30281
The CVE-2023-30281 entry affects Store Commander for PrestaShop, specifically scquickaccounting versions prior to 3.7.3. The underlying issue is insecure permissions that fail to restrict access to exports, allowing a guest to access data that is exported by the module. The practical impact state...
CVE-2023-30281
Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from pscustomer table sush as name / surnam...
CVE-2023-30282
PrestaShop scexportcustomers = 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table...
CVE-2023-30282
PrestaShop scexportcustomers = 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table...
U.S. Dept Of Defense: Members Personal Information Leak Due to IDOR
Summary https://██████ allows anyone to sign up and view other members profile. According to wikipedia, ███████ is part of US DoD "████████": ██████ I signed up with a regular account and noticed that by referencing users ████, I can send thousands of "█████████" and also, using another end-point...
Fedora 17 : moodle-2.2.11-1.fc17 (2013-13252)
Latest upstream release for this branch. Correct unbundling of php-pear-HTML-Quickform. Fix for: MSA-13-0025: XSS vulnerability in YUI library MSA-13-0026: Personal information leak in IMS-LTI CVE-2013-2242 MSA-13-0027: Access issue in Chat module CVE-2013-2243 MSA-13-0028: Answer information...
Fedora 18 : moodle-2.3.8-2.fc18 (2013-12950)
Latest upstream release for this branch. Correct unbundling of php-pear-HTML-Quickform. Fix for: MSA-13-0025: XSS vulnerability in YUI library MSA-13-0026: Personal information leak in IMS-LTI CVE-2013-2242 MSA-13-0027: Access issue in Chat module CVE-2013-2243 MSA-13-0028: Answer information...
UMP French Political Party got hacked & personal information leaked
UMP French Political Party got hacked & personal information leaked The personal data of several political parliamentarians, ministers, Minister of UMP French Political Party employees were released online by an unknown source. The leak contain the details of Bernard Accoyer, Lionel Tardy, Jean...