28 matches found
PAN-OS - Reflected Cross-Site Scripting
A reflected cross-site scripting XSS vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link.The...
EUVD-2020-12777
Malware in sbrugna...
EUVD-2020-12779
Malware in sbrugna...
EUVD-2012-3987
Malware in sbrugna...
CVE-2012-4043
Cross-site scripting XSS vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 CVE-2024-3400 Palo Alto OS Command Injection...
The vulnerability of the Global Protect Agent for Windows’ software protection suite lies in the insecure management of privileges, allowing attackers to escalate their privileges.
The vulnerability of the Global Protect Agent for Windows endpoint protection software is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...
Exploit for OS Command Injection in Paloaltonetworks Pan-Os
CVE-2020-2034-POC Determine the Version Running on the Palo Al...
The vulnerability of the Global Protect Agent for Windows’ security software suite lies in the lack of quotation marks in the code for elements or search paths, allowing attackers to gain system privileges.
The vulnerability of the Global Protect Agent for Windows software lies in the absence of quotation marks in the code for elements or search paths. Exploiting this vulnerability can allow an attacker to gain system privileges...
The vulnerability of the Global Protect Agent for Linux’s endpoint protection software lies in its insecure handling of privileges. This allows attackers to elevate their privileges to the root level.
The vulnerability of the Global Protect Agent for Linux endpoint protection software lies in the insecure management of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
The vulnerability of the Global Protect Agent’s endpoint protection software lies in the lack of protection for service data, which allows attackers to read VPN cookie information.
The vulnerability of the reporting component of the Global Protect Agent for Linux software lies in the lack of protection for service data. Exploiting this vulnerability could allow attackers to read VPN cookie information...
CVE-2020-1987
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versio...
CVE-2020-1989
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for...
Design/Logic Flaw
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk C:\ or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5...
Privilege escalation
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for...
Information disclosure
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versio...
CVE-2020-1987
Affected software: Palo Alto Networks GlobalProtect Agent/App (Windows/macOS). Vulnerability: Information disclosure in the logging component when troubleshooting logging level is set to “Dump”; an authenticated, local attacker can read VPN cookie information. Affect version(s): GlobalProtect Age...
CVE-2020-1989 Global Protect Agent: Incorrect privilege assignment allows local privilege escalation
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for...
CVE-2020-1989
CVE-2020-1989 affects Palo Alto Networks GlobalProtect Agent for Linux on ARM, due to an incorrect privilege-assignment flaw when writing application-specific files. This enables a local authenticated user to gain root privileges. Affected: GlobalProtect Agent for Linux 5.0 before 5.0.8; 5.1 befo...
CVE-2020-1988
The issue is an unquoted search path privilege-escalation in Windows releases of Palo Alto GlobalProtect App/Agent. A local, authenticated user who can create files at the root of C:\ or in Program Files could gain SYSTEM privileges. Affected versions: GlobalProtect Agent 5.0.x before 5.0.5 and 4...