22 matches found
EUVD-2020-22059
Malware in sbrugna...
EUVD-2023-48577
Malicious code in bioql PyPI...
CVE-2023-44218
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability...
CVE-2023-44218
SonicWall NetExtender Pre-Logon vulnerability (CVE-2023-44218) affects the Windows NetExtender Pre-Logon feature, enabling local privilege escalation to SYSTEM. The root cause is described as insecure privilege management. Impact is unauthorized host access with SYSTEM privileges; no exploit deta...
SonicWALL NetExtender Security Vulnerabilities
SonicWALL NetExtender is a software application from SonicWALL USA that allows remote users to connect to remote networks in a secure manner. It provides simple and secure access for Windows and Linux users. A security vulnerability exists in SonicWall NetExtender that stems from a local elevation o...
SonicWall NetExtender Pre-Logon Vulnerability
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. SonicWall strongly advises SSL VPN NetExtender client users to...
K11795: Pre-logon sequence vulnerability to Cross-Site Scripting
Security Advisory Description. Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K11797: Pre-logon sequence vulnerability to token spoofing
Security Advisory Description. Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this Solution have not been evaluated for...
CVE-2021-40124
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user...
CVE-2021-34546
An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to...
CVE-2020-2033
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...
Design/Logic Flaw
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...
CVE-2020-2033 GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...
CVE-2020-2033
Summary of CVE-2020-2033 Affected product: Palo Alto Networks GlobalProtect app (GlobalProtect Agent), specifically 5.0.x versions before 5.0.10 and 5.1.x versions before 5.1.4, when the pre-logon feature is enabled. Vulnerability and root cause: A missing certificate validation in the GlobalProt...
GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...
How to add a pre-log in or post-log in message for users in an on-prem Storefront environment
With on-prem Storefront, administrators can customise their users' pre-log in or post log-in experience by adding a pop-up welcome message...
Palo Alto Networks PAN-OS 5.0.9 Multiple Vulnerabilities
The remote host is running version 5.0.9 of Palo Alto Networks PAN-OS. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists due to an inability to handle IP packets larger than 1480 bytes through an Active/Active VWire setup. An attacker can exploit...
SOL11797 - Pre-logon sequence vulnerability to token spoofing
A vulnerability exists in the FirePass pre-logon sequence. Under certain conditions, the FirePass controller can accept the output of a pre-logon sequence check that would have been run on a different computer. This vulnerability would allow an attacker to use the pre-logon token from a workstati...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3...