Lucene search
K

523 matches found

CNNVD
CNNVD
added 2021/02/10 12:0 a.m.10 views

Prisma Cloud Compute Data Forgery Issue Vulnerability

A data forgery issue vulnerability exists in Prisma Cloud Compute that arises from a network system or product that does not adequately validate the origin or authenticity of data. An attacker could exploit the falsified data to conduct an attack...

9.8CVSS7.3AI score0.01211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/07/09 12:0 a.m.37 views

Palo Alto Networks PAN-OS 8.x < 8.1.15 / 9.0.x < 9.0.9 / 9.1.x < 9.1.3 TLS 1.0 Usage Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.x prior to 8.1.15 or 9.0.x prior to 9.0.9 or 9.1.x prior to 9.1.3. It is, therefore, affected by a TLS 1.0 usage vulnerability. Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, whi...

5.8CVSS5.3AI score0.00421EPSS
Exploits0References3
NVD
NVD
added 2020/07/08 5:15 p.m.30 views

CVE-2020-2034

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

9.3CVSS0.06592EPSS
Exploits1References1
NVD
NVD
added 2020/07/08 5:15 p.m.17 views

CVE-2020-2030

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue doe...

9CVSS0.0253EPSS
Exploits0References1
Prion
Prion
added 2020/07/08 5:15 p.m.17 views

Command injection

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue doe...

9CVSS7.5AI score0.0253EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/07/08 5:15 p.m.15 views

Design/Logic Flaw

Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitati...

5.8CVSS5AI score0.00421EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/07/08 5:15 p.m.31 views

Command injection

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

9.3CVSS9.3AI score0.06592EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/07/08 4:35 p.m.35 views

CVE-2020-2034 PAN-OS: OS command injection vulnerability in GlobalProtect portal

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

8.1CVSS9.2AI score0.06592EPSS
Exploits1References1
CVE
CVE
added 2020/07/08 4:35 p.m.61 views

CVE-2020-1982

CVE-2020-1982 is a PAN-OS TLS 1.0 usage issue affecting PAN-OS 8.x (before 8.1.15), 9.0.x (before 9.0.9), and 9.1.x (before 9.1.3). The vulnerability involves certain PAN-OS to cloud-delivered services communications (Cortex Data Lake, Customer Support Portal, Prisma Access) using TLS 1.0. The re...

5.8CVSS5AI score0.00421EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/07/08 12:0 a.m.146 views

CVE-2020-2034 — PAN-OS: OS command injection vulnerability in GlobalProtect portal

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

10CVSS9.3AI score0.06592EPSS
In wildExploits2References2
The Coalfire Blog
The Coalfire Blog
added 2019/10/18 4:34 p.m.11 views

New News About the HITRUST Scoring Rubric and PRISMA Model

This is a high-level overview of the most significant changes about the updated HITRUST scoring rubric and PRISMA model that will affect all organizations using the HITRUST framework. It contains tips and guidance for how to prepare for upcoming HITRUST assessments. If you need a deeper dive into...

1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/10/16 2:10 a.m.9 views

cov.prisma-college.nl XSS vulnerability

Open Bug Bounty ID: OBB-686490 Description| Value ---|--- Affected Website:| cov.prisma-college.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:|...

0.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2018/03/31 10:29 p.m.3 views

CVE-2018-9161

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...

9.8CVSS5.6AI score0.58528EPSS
Exploits2References4
Prion
Prion
added 2018/03/31 10:29 p.m.12 views

Hardcoded credentials

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...

7.5CVSS9.5AI score0.58528EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2018/03/31 10:29 p.m.18 views

CVE-2018-9161

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...

9.8CVSS9.6AI score0.58528EPSS
Exploits2References2
CVE
CVE
added 2018/03/31 10:0 p.m.62 views

CVE-2018-9161

CVE-2018-9161 affects PrismaWEB 1.21 (Prisma Industriale Checkweigher). The connected documentation shows a credential-disclosure vulnerability where hard-coded credentials are stored in and disclosed via login_par.js (used by the Login() function in script.js), allowing remote attackers to bypas...

9.8CVSS9.5AI score0.58528EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2018/03/31 10:0 p.m.19 views

CVE-2018-9161

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...

9.7AI score0.58528EPSS
Exploits2References2
exploitpack
exploitpack
added 2018/03/12 12:0 a.m.22 views

Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials

Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vendor: Prisma Industriale S.r.l. Product web page: https://www.prismaindustriale.com Affected version: 1.0 Rev 21, EPROM 202FWSAM ?? Summary: Web...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2018/03/12 12:0 a.m.31 views

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vendor: Prisma Industriale S.r.l. Product web page: https://www.prismaindustriale.com Affected version: 1.0 Rev 21, EPROM 202FWSAM ?? Summary: Web Administration of Machine. Desc: The vulnerability exists due to the disclosure o...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/03/12 12:0 a.m.25 views

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vulnerability

Exploit for multiple platform in category web applications Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vendor: Prisma Industriale S.r.l. Product web page: https://www.prismaindustriale.com Affected version: 1.0 Rev 21, EPROM 202FWSAM ?? Summary: Web Administration of...

7.1AI score
Exploits0
Rows per page
Query Builder