161 matches found
Local Privilege Escalation in the Management Web Interface
A vulnerability exists in the Management Web Interface that could allow for local privilege escalation. The Management Web Interface does not properly validate specific request parameters which can potentially allow executing code with higher privileges. Ref PAN-70426 / CVE-2017-7218. Successfully...
Tampering of temporary export files in the Management Web Interface
A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. Ref PAN-70436 /...
Code injection
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors...
CVE-2017-5583
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to read arbitrary files via unspecified vectors...
CVE-2017-5583
The CVE-2017-5583 vulnerability affects Palo Alto Networks PAN-OS prior to 6.1.16, 7.0.x prior to 7.0.13, and 7.1.x prior to 7.1.8. It is a post-authentication information-disclosure flaw in the Management Web Interface that allows remote authenticated users to read arbitrary files via unspecifie...
CVE-2017-5584
CVE-2017-5584 is a cross-site scripting (XSS) vulnerability in the Palo Alto Networks PAN-OS Management Web Interface. Affected PAN-OS versions: 5.1; 6.x prior to 6.1.16; 7.0.x prior to 7.0.13; 7.1.x prior to 7.1.8. The issue allows remote authenticated users to inject arbitrary web script or HTML vi...
Palo Alto PAN-OS Cross-Site Scripting in the Management Web Interface
A persistent cross-site scripting (XSS) vulnerability exists in the management web interface. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Information Disclosure in the Management Web Interface
A vulnerability exists in the Management Web Interface that could result in Information Disclosure. Ref PAN-70428 / CVE-2017-5583. PAN-OS contains a post-authentication vulnerability that may allow for Information Disclosure. Successful exploitation allows an attacker to download arbitrary files...
Cross-Site Scripting in the Management Web Interface
A persistent cross-site scripting (XSS) vulnerability exists in the management web interface (ref PAN-66838 / CVE-2017-5584). PAN-OS contains a post-authentication vulnerability that may allow for a persistent cross-site scripting (XSS) attack of the management web interface. Successful exploitation of...
CVE-2016-9150
Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2016-3655
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call...
Moxa Industrial Managed Switch Elevation of Privilege Vulnerability
Moxa EDS-405A/EDS-408A is a series of Ethernet switches. An elevation of privilege vulnerability exists in the management web interface of the Moxa EDS-405A/EDS-408A, which can be exploited by an attacker to bypass the authentication mechanism and elevate privileges...
[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...
Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery
Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web...
Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...
Cisco Wireless LAN Controller Cross-Site Request Forgery Vulnerability
Cisco Wireless LAN Controller (WLC) Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input processed by the WLC management...