
Improper access control with submitReorder function

Vulnerabilities / Exploits portal.patchman.co

An attacker was able to list all the orders placed on the website without being logged in, by abusing the function that allows a shopping cart to be recreated from an order that was already placed.
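The pattern behind this class of bug, as an added illustration that is not PrestaShop's own code: a reorder handler that trusts the order id from the request, beside one that requires an authenticated customer and checks that the order belongs to them. All class, function and field names here are hypothetical stand-ins.

```php
<?php
// Added example, not PrestaShop's code; all names are hypothetical stand-ins.

final class Order {
    public function __construct(public int $id, public int $idCustomer, public array $lines) {}
}
final class Customer {
    public function __construct(public int $id) {}
}
final class OrderRepository {
    /** @param Order[] $orders keyed by order id */
    public function __construct(private array $orders) {}
    public function find(int $id): ?Order { return $this->orders[$id] ?? null; }
}
final class AuthRequired extends RuntimeException {}
final class NotFound extends RuntimeException {}

// Vulnerable pattern: the order id comes straight from the request and is used
// without checking that anyone is logged in or that the order is theirs, so
// iterating over ids reveals every order's contents.
function handleReorderVulnerable(array $request, OrderRepository $orders): array
{
    $order = $orders->find((int) $request['id_order']);
    return $order?->lines ?? [];
}

// Hardened pattern: require an authenticated customer and refuse unless the
// order belongs to that customer. "No such order" and "not your order" produce
// the same response so the endpoint does not reveal which ids exist.
function handleReorderHardened(array $request, ?Customer $customer, OrderRepository $orders): array
{
    if ($customer === null) {
        throw new AuthRequired('login required');
    }
    $order = $orders->find((int) $request['id_order']);
    if ($order === null || $order->idCustomer !== $customer->id) {
        throw new NotFound('order not found');
    }
    return $order->lines;
}

// Constructed sample data: two orders belonging to two different customers.
$orders = new OrderRepository([
    1 => new Order(1, 10, ['sku-A' => 2]),
    2 => new Order(2, 20, ['sku-B' => 1]),
]);
$request = ['id_order' => '2'];
var_dump(handleReorderVulnerable($request, $orders));           // returns customer 20's order to anyone
try {
    handleReorderHardened($request, new Customer(10), $orders); // customer 10 asking for order 2
} catch (NotFound $e) {
    echo "denied: {$e->getMessage()}\n";
}
```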

This vulnerability affects the following application versions:

  • PrestaShop 1.7.0.0
  • PrestaShop 1.7.0.0 beta1
  • PrestaShop 1.7.0.0 beta2
  • PrestaShop 1.7.0.0 beta3
  • PrestaShop 1.7.0.0 RC0
  • PrestaShop 1.7.0.0 RC1
  • PrestaShop 1.7.0.0 RC2
  • PrestaShop 1.7.0.0 RC3
  • PrestaShop 1.7.0.1
  • PrestaShop 1.7.0.2
  • PrestaShop 1.7.0.3
  • PrestaShop 1.7.0.4
  • PrestaShop 1.7.0.5
  • PrestaShop 1.7.0.6
  • PrestaShop 1.7.1.0
  • PrestaShop 1.7.1.0 beta1
  • PrestaShop 1.7.1.1
  • PrestaShop 1.7.1.2
  • PrestaShop 1.7.2.0
  • PrestaShop 1.7.2.0 RC 1
  • PrestaShop 1.7.2.1
  • PrestaShop 1.7.2.2
  • PrestaShop 1.7.2.3
  • PrestaShop 1.7.2.4
  • PrestaShop 1.7.2.5
  • PrestaShop 1.7.3.0
  • PrestaShop 1.7.3.0 beta 1
  • PrestaShop 1.7.3.0 RC 1
  • PrestaShop 1.7.3.1
  • PrestaShop 1.7.3.2
  • PrestaShop 1.7.3.3
  • PrestaShop 1.7.3.4
  • PrestaShop 1.7.4.0
  • PrestaShop 1.7.4.0 beta 1
  • PrestaShop 1.7.4.1
  • PrestaShop 1.7.4.2
  • PrestaShop 1.7.4.3
  • PrestaShop 1.7.4.4
  • PrestaShop 1.7.5.0
  • PrestaShop 1.7.5.0 beta 1
  • PrestaShop 1.7.5.0 RC 1
  • PrestaShop 1.7.5.1
  • PrestaShop 1.7.5.2
  • PrestaShop 1.7.6.0
  • PrestaShop 1.7.6.0 beta 1
  • PrestaShop 1.7.6.0 RC 1
  • PrestaShop 1.7.6.0 RC 2
  • PrestaShop 1.7.6.1
  • PrestaShop 1.7.6.2
  • PrestaShop 1.7.6.3
  • PrestaShop 1.7.6.4
  • PrestaShop 1.7.6.4 1
  • PrestaShop 1.7.6.5
  • PrestaShop 1.7.6.5 1
  • PrestaShop 1.7.6.6
  • PrestaShop 1.7.6.7
  • PrestaShop 1.7.6.8
...


Read the full article (external source: https://portal.patchman.co/detections/rss/vulnerabilities/4260)
