Lucene search
+L

136 matches found

Cvelist
Cvelist
added 2019/10/09 8:20 p.m.17 views

CVE-2019-15014

A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI...

9.1AI score0.02294EPSS
Exploits0References1
CVE
CVE
added 2019/10/09 8:20 p.m.73 views

CVE-2019-15015

ZingBox Inspector (Palo Alto Networks) versions 1.294 and earlier are affected by a hardcoded-credentials vulnerability in which root and inspector user accounts are embedded in the system software, potentially allowing unauthorized access and full control. Root cause: hardcoded credentials in th...

8.4CVSS8AI score0.00356EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/10/09 8:20 p.m.26 views

CVE-2019-15019

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector...

9.4AI score0.01485EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/09 8:20 p.m.20 views

CVE-2019-15021

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network...

5.1AI score0.01036EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/09 8:20 p.m.33 views

CVE-2019-1584

A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint...

9.9AI score0.02845EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/09 8:20 p.m.23 views

CVE-2019-15015

In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system...

8.1AI score0.00356EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/09 8:20 p.m.23 views

CVE-2019-15016

An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database...

8.9AI score0.01161EPSS
Exploits0References1
CVE
CVE
added 2019/10/09 8:20 p.m.88 views

CVE-2019-1584

CVE-2019-1584 affects Zingbox Inspector versions 1.293 and earlier. The issue enables remote code execution when the Inspector processes a malicious command from the Zingbox cloud or is tampered with to connect to an attacker’s cloud endpoint. Root cause noted across sources includes insufficient...

9.8CVSS9.8AI score0.02845EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/10/09 8:20 p.m.73 views

CVE-2019-15019

CVE-2019-15019 affects Palo Alto Networks Zingbox Inspector, specifically versions 1.294 and earlier. The root cause is insufficient input validation in the network traffic handler, which could allow a remote attacker to intercept and modify a software update package. Impact is the ability to del...

9.8CVSS9.3AI score0.01485EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/10/09 8:20 p.m.80 views

CVE-2019-15014

CVE-2019-15014 affects Palo Alto Networks Zingbox Inspector 1.286 and earlier. The vulnerability is a command injection in the Inspector CLI that allows an authenticated user to run arbitrary system commands. Exploitation details are not provided in the documents, but the impact is high (CLI-leve...

9CVSS8.9AI score0.02294EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/10/09 8:20 p.m.89 views

CVE-2019-15023

CVE-2019-15023 affects Palo Alto Networks Zingbox Inspector 1.294 and earlier, where passwords for 3rd‑party integrations are stored in cleartext in device configuration. This information‑disclosure vulnerability can enable attackers with access to the appliance to view plaintext credentials. Sev...

7.5CVSS7.4AI score0.00845EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/10/09 8:20 p.m.17 views

CVE-2019-15020

A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection...

9.8AI score0.00889EPSS
Exploits0References1
CVE
CVE
added 2019/10/09 8:20 p.m.82 views

CVE-2019-15017

CVE-2019-15017 affects Palo Alto Networks Zingbox Inspector versions 1.294 and earlier. The SSH service is exposed to the local network; with PAN-SA-2019-0027, an attacker could authenticate using hardcoded credentials, enabling unauthorized SSH access. The practical impact is unauthorized access...

8.4CVSS8.1AI score0.00356EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/10/09 8:20 p.m.80 views

CVE-2019-15016

The CVE-2019-15016 issue affects Zingbox Inspector (Palo Alto Networks) where the management interface permits SQL commands via unsanitized user input from the web UI in versions 1.288 and earlier. Root cause: lack of validation/sanitization in SQL query construction, enabling an authenticated us...

8.8CVSS8.8AI score0.01161EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/10/09 8:20 p.m.18 views

CVE-2019-15018

A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant...

7.6AI score0.01182EPSS
Exploits0References1
CVE
CVE
added 2019/10/09 8:20 p.m.79 views

CVE-2019-15022

The CVE-2019-15022 issue affects Zingbox Inspector versions 1.294 and earlier, where the tool is vulnerable to ARP spoofing due to insufficient ARP protection. Impact, as described in the sources, is the potential for ARP spoofing attacks against the Inspector, with referenced advisories noting t...

7.5CVSS7.4AI score0.01069EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/10/09 8:20 p.m.78 views

CVE-2019-15021

CVE-2019-15021 affects Palo Alto Networks Zingbox Inspector prior to 1.295 (

5.3CVSS5.1AI score0.01036EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2019/10/01 7:0 a.m.31 views

SQL Injection in Zingbox Inspector

An SQL injection vulnerability exists in the Zingbox Inspector management interface that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Ref: CVE-2019-15016 The vulnerability allows for authenticated users to pass unsanitized commands ...

2.1AI score0.01161EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2019/10/01 7:0 a.m.6 views

SQL Injection in Zingbox Inspector

An SQL injection vulnerability exists in the Zingbox Inspector management interface that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Ref: CVE-2019-15016 The vulnerability allows for authenticated users to pass unsanitized commands ...

8.8CVSS7.8AI score0.01161EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2019/10/01 7:0 a.m.40 views

Command Injection in Zingbox Inspector

A security vulnerability exists in the Zingbox Inspector that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. Ref: CVE-2019-15020 The vulnerability allows for an attacker in a position to intercept a software upda...

9.8AI score0.00889EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder