Lucene search
+L

213 matches found

nessus
nessus
added 2024/10/21 12:0 a.m.64 views

Palo Alto Expedition < 1.2.96 Multiple Vulnerabilties

Palo Alto Expedition versions before 1.2.96 suffer from multiple vulnerabilities: - An unauthenticated OS command Injection vulnerability through the /API/convertCSVtoParquet.php endpoint CVE-2024-9264 - An authenticated OS command injection vulnerability CVE-2024-9464 - An unauthenticated SQL...

9.9CVSS8.2AI score0.99597EPSS
Exploits19References6
githubexploit
githubexploit
added 2024/10/19 8:22 a.m.437 views

Exploit for Insertion of Sensitive Information into Log File in Paloaltonetworks Expedition

CVE-2024-9466 CVE-2024-9466 Proof of Concept PoC Descrip...

8.2CVSS8AI score0.11233EPSS
Exploits1
ptsecurity
ptsecurity
added 2024/10/19 12:0 a.m.3 views

PT-2024-39651 · Palo Alto Networks · Palo Alto Networks Expedition

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified Description: An OS command injection issue allows an unauthenticated attacker to run arbitrary OS commands as root. Recommendations: At the moment, there is no information about a...

7.9AI score
Exploits0References1
nessus
nessus
added 2024/10/18 12:0 a.m.37 views

Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463)

Binary data paloaltoexpeditionCVE-2024-9463.nbin...

9.9CVSS8.1AI score0.99597EPSS
Exploits9References6
bdu_fstec
bdu_fstec
added 2024/10/17 12:0 a.m.8 views

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of protection for website structures. This allows attackers to execute cross-site scripting attacks by executing arbitrary JavaScript code.

The vulnerability of the Palo Alto Networks Expedition configuration migration tool is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by executing arbitrary JavaScript code,...

6.4CVSS5.7AI score0.00645EPSS
Exploits0References5Affected Software1
bdu_fstec
bdu_fstec
added 2024/10/17 12:0 a.m.7 views

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of measures to neutralize special elements used in the operating system team. This allows attackers to enhance their privileges and execute arbitrary commands on the basic operating system.

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of measures taken to neutralize special elements used in the operating system team. Exploiting this vulnerability allows a malicious actor to increase their privileges and execute arbitrary comman...

6.8CVSS8.3AI score0.8171EPSS
Exploits5References6Affected Software1
bdu_fstec
bdu_fstec
added 2024/10/17 12:0 a.m.9 views

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of measures to neutralize special elements used in the operating system team. This allows attackers to enhance their privileges and execute arbitrary commands on the basic operating system.

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of measures taken to neutralize special elements used in the operating system team. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary command...

7.8CVSS8.4AI score0.98423EPSS
Exploits0References5Affected Software1
bdu_fstec
bdu_fstec
added 2024/10/17 12:0 a.m.5 views

The vulnerability of the Palo Alto Networks Expedition configuration migration tool, related to the disclosure of information through registration files, allows a hacker to obtain encrypted user credentials.

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the ability to disclose information through registration files. Exploiting this vulnerability could allow a malicious actor to obtain encrypted user credentials remotely...

6.8CVSS5.8AI score0.11233EPSS
Exploits1References6Affected Software1
vulncheck_kev
vulncheck_kev
added 2024/10/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-9463

Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

9.9CVSS7.4AI score0.98423EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2024/10/11 12:0 a.m.12 views

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. This allows attackers to access database contents, create, and read arbitrary files.

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to remotely access database contents, create and read arbitrary files by injecting specially...

8.5CVSS8.3AI score0.99597EPSS
Exploits3References5Affected Software1
wizblog
wizblog
added 2024/10/10 5:45 p.m.37 views

Critical vulnerabilities in Palo Alto Expedition: everything you need to know

Detect and mitigate critical vulnerabilities CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467 in Palo Alto Networks’ Expedition tool. Organizations should patch urgently...

9.9CVSS7.1AI score0.99597EPSS
Exploits9
ncsc
ncsc
added 2024/10/10 12:2 p.m.10 views

Vulnerabilities fixed in Palo Alto Expedition

Palo Alto has fixed vulnerabilities in Expedition. A malicious party could exploit the vulnerabilities to remotely execute arbitrary code, without prior authentication, on the system running Expedition, potentially obtaining login credentials and API keys. Expedition is a migration tool to conver...

9.9CVSS7.5AI score0.99597EPSS
Exploits9References1
thn
thn
added 2024/10/10 5:44 a.m.74 views

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 CVSS score: 9.8, relates ...

9.9CVSS10AI score0.99597EPSS
Exploits17
nvd
nvd
added 2024/10/09 5:15 p.m.37 views

CVE-2024-9464

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

9.3CVSS0.8171EPSS
Exploits5References2
nvd
nvd
added 2024/10/09 5:15 p.m.26 views

CVE-2024-9467

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft...

7CVSS0.00645EPSS
Exploits0References1
nvd
nvd
added 2024/10/09 5:15 p.m.31 views

CVE-2024-9465

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS0.99597EPSS
Exploits3References3
osv
osv
added 2024/10/09 5:15 p.m.4 views

CVE-2024-9466

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials...

6.5CVSS5.8AI score0.11233EPSS
Exploits1References2
osv
osv
added 2024/10/09 5:15 p.m.2 views

CVE-2024-9465

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.1CVSS7.5AI score0.99597EPSS
Exploits3References3
osv
osv
added 2024/10/09 5:15 p.m.4 views

CVE-2024-9467

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft...

6.1CVSS5.9AI score0.00645EPSS
Exploits0References1
osv
osv
added 2024/10/09 5:15 p.m.3 views

CVE-2024-9464

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

6.5CVSS7.6AI score0.8171EPSS
Exploits5References2
Rows per page
Query Builder