1243 matches found
VulnCheck KEV: CVE-2023-7289
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytiumswsaveapikeys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
VulnCheck KEV: CVE-2024-9463
Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...
CVE-2023-48082
Nagios XI before 2024R1 was discovered to improperly handle API keys generation randomly-generated, allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate...
CVE-2023-48082
Nagios XI before 2024R1 was discovered to improperly handle API keys generation randomly-generated, allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate...
CVE-2023-48082
Nagios XI before 2024R1 was discovered to improperly handle API keys generation randomly-generated, allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate...
CVE-2023-48082
Nagios XI is affected by CVE-2023-48082 in versions before 2024R1 (and before 5.11.3 in 2024R1 per other sources). The vulnerability stems from improper handling of API key generation, described as randomly-generated keys that could allow an attacker to generate the same API keys for all users an...
CVE-2023-48082
Nagios XI before 2024R1 was discovered to improperly handle API keys generation randomly-generated, allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate...
CVE-2024-9464
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...
CVE-2024-9465
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...
CVE-2024-9466
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials...
CVE-2024-9463
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...
CVE-2024-9466 Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials...
CVE-2024-9466
Palo Alto Networks Expedition (vulnerable up to 1.2.95; fixed in 1.2.96+) suffers a cleartext storage vulnerability that allows an authenticated attacker to reveal firewall usernames, passwords, and API keys. Affected component: storage of sensitive information in Expedition; root cause: storing ...
CVE-2024-9465 Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...
CVE-2024-9464
CVE-2024-9464 affects Palo Alto Networks Expedition: an authenticated OS command injection in Expedition allows an attacker with valid credentials to run arbitrary OS commands as root, risking disclosure of usernames, cleartext passwords, device configurations, and API keys. Affected are Expediti...
CVE-2024-9463 Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...
PT-2024-6884 · Palo Alto Networks · Palo Alto Networks Expedition
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified Description: The issue is related to the cleartext storage of sensitive information in Palo Alto Networks Expedition, allowing an authenticated attacker to reveal firewall username...
PT-2024-6883 · Palo Alto Networks · Palo Alto Networks Expedition
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified Description: An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition. This result...
CVE-2024-8775
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
CVE-2024-8775
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...