111 matches found
Openbravo ERP XXE Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/dns' require 'rexml/document' class MetasploitModule 'Openbravo ERP XXE Arbitrary File Read', 'Description' = %q The Openbravo ERP XML API expands external...
MAL-2024-6317 Malicious code in aastra-xml-api (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in aastra-xml_api (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in aastra-xml-api (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
CVE-2023-34282
D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this...
Palo Alto Networks PAN-OS 9.0.x < 9.0.17-h4 / 9.1.x < 9.1.17 / 10.1.x < 10.1.11 / 10.2.x < 10.2.5 / 11.0.x < 11.0.2 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 9.0.x prior to 9.0.17-h4 or 9.1.x prior to 9.1.17 or 10.1.x prior to 10.1.11 or 10.2.x prior to 10.2.5 or 11.0.x prior to 11.0.2. It is, therefore, affected by a vulnerability. - An improper privilege management vulnerability ...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Palo Alto Networks PAN-OS XML API Command Injection Vulnerability
Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. Palo Alto Networks PAN-OS suffers from a command injection vulnerability that stems from a failure to properly filter construct command special characters, commands, etc. in the XML API. An attacker cou...
Palo Alto Networks PAN-OS 8.1.x < 8.1.24 / 9.0.x < 9.0.17 / 9.1.x < 9.1.15 / 10.0.x < 10.0.12 / 10.1.x < 10.1.6 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.24 or 9.0.x prior to 9.0.17 or 9.1.x prior to 9.1.15 or 10.0.x prior to 10.0.12 or 10.1.x prior to 10.1.6. It is, therefore, affected by a vulnerability. - An OS command injection vulnerability in the XML AP...
CVE-2023-6793
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage...
CVE-2023-6793
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage...
Privilege escalation
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage...
CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage...
CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage...
CVE-2023-6793
CVE-2023-6793 affects Palo Alto Networks PAN-OS: an improper privilege management flaw allows an authenticated read-only admin to revoke XML API keys and disrupt XML API usage. Vulnerable if running PAN-OS versions: 9.0.x before 9.0.17-h4, 9.1.x before 9.1.17, 10.1.x before 10.1.11, 10.2.x before...
CVE-2023-6792 PAN-OS: OS Command Injection Vulnerability in the XML API
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall...
CVE-2023-6792 PAN-OS: OS Command Injection Vulnerability in the XML API
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall...
CVE-2023-6792
CVE-2023-6792 describes an OS command injection in the XML API of Palo Alto Networks PAN-OS. An authenticated API user can exploit the XML API to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Affected: PAN-OS (various versions prior to th...
PAN-OS: OS Command Injection Vulnerability in the XML API
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Work around: Customers with a Threat Prevention subscription can...
PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage. Work around: This issue requires the attacker to have authenticated access to the PAN-OS...