24 matches found
EUVD-2021-17292
Malware in sbrugna...
EUVD-2023-31841
Malicious code in bioql PyPI...
CVE-2023-28130
Local user may lead to privilege escalation using Gaia Portal hostnames page...
CVE-2021-30361
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS...
Check Point Gaia Portal 安全漏洞
Check Point Gaia Portal is a web-based advanced interface for Gaia platform configuration from Check Point Israel. A security vulnerability exists in Check Point Gaia Portal that originates from an authenticated user being able to inject code or commands using global variables via a special HTTP...
Check Point Response to CVE-2024-24914 - TCL substitution of global parameter values
Symptoms - After logging in to Gaia Portal, authenticated users local Gaia users and RADIUS / TACACS users may cause code injection in Gaia Portal because of unprotected global variables usage when processing the HTTP request in the TCL process. This issue received the ID CVE-2024-24914. Solution...
The vulnerability of the cgi-bin/hosts_dns.tcl component of the Gaia Portal web interface allows a perpetrator to execute arbitrary commands on the Quantum Security Gateways and Quantum Appliances operating systems.
The vulnerability of the cgi-bin/hostsdns.tcl web interface for configuring the Gaia Portal on the operating system of Quantum Security Gateways and Quantum Appliances is related to the failure to eliminate special elements used in the operating system’s command processing when handling the...
Checkpoint Gaia Portal R81.10 Remote Command Execution Vulnerability
========================= Exploit Title: Hostname injection leads to Remote Code Execution RCE Authenticated Product: Gaia Portal Vendor: Checkpoint Vulnerable Versions: R81.20 Take 14, R81.10 Take 95, R81 Take 82 and R80.40 Take 198 Tested Version: R81.10 take 335 Advisory Publication: July 27,...
Checkpoint Gaia Portal R81.10 Remote Command Execution
========================= Exploit Title: Hostname injection leads to Remote Code Execution RCE Authenticated Product: Gaia Portal Vendor: Checkpoint Vulnerable Versions: R81.20 Take 14, R81.10 Take 95, R81 Take 82 and R80.40 Take 198 Tested Version: R81.10 take 335 Advisory Publication: July 27,...
CVE-2023-28130
Local user may lead to privilege escalation using Gaia Portal hostnames page...
CVE-2023-28130
Local user may lead to privilege escalation using Gaia Portal hostnames page...
Privilege escalation
Local user may lead to privilege escalation using Gaia Portal hostnames page...
CVE-2023-28130
Local user may lead to privilege escalation using Gaia Portal hostnames page...
CVE-2023-28130
CVE-2023-28130 affects Check Point Gaia Portal. The root cause is improper handling of the hostname parameter in Gaia Portal’s hostnames page, enabling command injection and local privilege escalation. Public material indicates affected Gaia Portal/release lines (R81.x to R81.20, R80.40) with in-...
CVE-2023-28130
Local user may lead to privilege escalation using Gaia Portal hostnames page...
Quantum Appliances 命令注入漏洞
Quantum Appliances is a backup appliance from Quantum. A security vulnerability exists in Quantum Appliances, Quantum Security Gateways versions R80.20SP, R80.30SP, R80.40, R81, R81.10, R81.20, which stems from the fact that a local user's use of the Gaia Portal hostnames page may lead to Privile...
Check Point Response to CVE-2023-28130 - Hostname command injection in Gaia Portal
Symptoms - Local user may lead to privilege escalation using Gaia Portal "Hosts and DNS" page. This issue received the ID CVE-2023-28130. Solution This problem was fixed. The fix adds more validations on user input and is included starting from: Check Point R82 Jumbo Hotfix Accumulator for R81.20...
PT-2023-4187 · Check Point · Check Point Gaia Portal +1
Name of the Vulnerable Software and Affected Versions: Check Point Gaia Portal affected versions not specified Description: The issue is related to a command injection vulnerability in the Check Point Gaia Portal. It allows a local user to potentially escalate privileges using the Gaia Portal...
CVE-2021-30361
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS...
Command injection
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS...