213 matches found
CVE-2025-0103
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on...
CVE-2025-0104
A reflected cross-site scripting XSS vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to...
CVE-2025-0103
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on...
CVE-2025-0106
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem...
CVE-2025-0107 Expedition: OS Command Injection Vulnerability
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...
CVE-2025-0107 Expedition: OS Command Injection Vulnerability
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...
CVE-2025-0107
CVE-2025-0107 – Palo Alto Networks Expedition OS command injection . The connected templates confirm an OS command injection in Palo Alto Networks Expedition that allows an unauthenticated attacker to execute arbitrary OS commands as the www-data user, leading to disclosure of usernames, cleartex...
CVE-2025-0106 Expedition: Wildcard Expansion Vulnerability
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem...
CVE-2025-0106 Expedition: Wildcard Expansion Vulnerability
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem...
CVE-2025-0106
CVE-2025-0106 is a wildcard expansion vulnerability in Palo Alto Networks Expedition. An unauthenticated attacker can enumerate files on the host filesystem via the Expedition tool’s wildcard expansion handling. Affected product: Palo Alto Networks Expedition. Root cause: wildcard expansion issue...
CVE-2025-0105
CVE-2025-0105 is an arbitrary file deletion vulnerability in Palo Alto Networks Expedition. An unauthenticated attacker could delete arbitrary files accessible to the www-data user on the host filesystem. The impact is described as functional deletion with potential exposure of configured data (p...
CVE-2025-0105 Expedition: Arbitrary File Deletion Vulnerability
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem...
CVE-2025-0104
CVE-2025-0104 ( Expedition XSS) affects Palo Alto Networks Expedition. The connected PT-security entry describes a reflected cross-site scripting vulnerability where an authenticated user’s browser can execute malicious JavaScript if a user clicks a crafted link, potentially enabling phishing and...
CVE-2025-0103 Expedition: SQL Injection Vulnerability
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on...
CVE-2025-0103 Expedition: SQL Injection Vulnerability
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on...
CVE-2025-0103
CVE-2025-0103 describes an SQL injection in Palo Alto Networks Expedition. An authenticated attacker can exfiltrate Expedition data (password hashes, usernames, device configurations, and device API keys) and can create/read arbitrary files on the Expedition system. The CVE is reflected in multip...
Palo Alto Networks Expedition 安全漏洞
Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker could exploit the vulnerability to delete arbitrary files on the host's file system...
Palo Alto Networks Expedition 安全漏洞
Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting this vulnerability could execute malicious JavaScript code in this user's...
Palo Alto Networks Expedition 安全漏洞
Palo Alto Networks Expedition is a network security appliance used to provide firewall, intrusion detection, and prevention. The Palo Alto Networks Expedition suffers from a command injection vulnerability that can be exploited by an attacker to run arbitrary operating system commands, which can...
Palo Alto Networks Expedition 安全漏洞
Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting the vulnerability could enumerate files on the host's file system...