Lucene search
K

4 matches found

CNVD
CNVD
added 2016/11/22 12:0 a.m.2 views

Palo Alto Networks PAN-OS Addresses Object Parser Injection Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security vulnerability exists in the Addresses Object parser of Palo Alto Networks PAN-OS, which arises from the program's failure to properly handle single quote characters. A...

6.5CVSS7.2AI score0.0204EPSS
Exploits0References1
Prion
Prion
added 2016/11/19 6:59 a.m.20 views

Design/Logic Flaw

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a...

4CVSS6.9AI score0.0204EPSS
Exploits0References3Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2016/11/17 5:3 p.m.454 views

XPath Injection

The Addresses Object parsing function does not properly escape single quotes. Ref PAN-55237/92073/CVE-2016-9149 This post-authentication vulnerability could allow XPath manipulation. This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14...

4.5AI score0.0204EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2016/11/17 5:3 p.m.11 views

XPath Injection

The Addresses Object parsing function does not properly escape single quotes. Ref PAN-55237/92073/CVE-2016-9149 This post-authentication vulnerability could allow XPath manipulation. This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14...

6.5CVSS7.2AI score0.0204EPSS
Exploits0References1
Rows per page
Query Builder