Page 33 of 168 results (0.010 seconds)

CVSS: 4.3EPSS: 1%CPEs: 23EXPL: 1

The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195. La característica App-ID cache en Palo Alto Networks PAN-OS anterior a 4.0.14, 4.1.x anterior a 4.1.11 y 5.0.x anterior a 5.0.2, permite a atacantes remotos evitar las políticas de seguridad establecidas a través de una petición que provoca un cacheo no válido, como se demostró mediante la identificación incorrecta del tráfico HTTP como tráfico SIP. Aka Ref ID 47195. • http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20%28Brad%20Woodberg%20-%20Final%29.pptx http://pastie.org/pastes/5568186/text http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update https://security.paloaltonetworks.com/CVE-2013-5663 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595. La administración del dispositivo mediante el interfaz de comandos en Palo Alto Networks PAN-OS 4.0.x anterior a 4.0.9 y 4.1.x anterior a 4.1.2, permite a usuarios autenticados remotamente ejecutar comandos arbitrarios a través de vectores sin especificar. Aka Ref ID 34595. • https://security.paloaltonetworks.com/CVE-2012-6595 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0

The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. La gestión del dispositivo a través del interfaz web en Palo Alto Networks PAN-OS anterior a 3.1.12, 4.0.x anterior a 4.0.10 y 4.1.x anterior a 4.1.4, permite a usuarios autenticados remotamente evitar la autenticación y obtener privilegios de administrador. Aka Ref ID 37034. • https://security.paloaltonetworks.com/CVE-2012-6603 • CWE-287: Improper Authentication •

CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116. El interfaz de gestión de línea de comandos en Palo Alto Networks PAN-OS anterior a 3.1.10 y 4.0.x anterior a 4.0.5, permite a usuarios autenticados remotamente ejecutar comandos arbitrarios a través de vectores no especificados. Aka Ref ID 31116. • https://security.paloaltonetworks.com/CVE-2012-6591 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091. Palo Alto Networks PAN-OS anterior a 3.1.10 y 4.0.x anterior a 4.0.5, permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores sin especificar. Aka Ref ID 31091. • https://security.paloaltonetworks.com/CVE-2012-6592 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •