CVSS: 8.8EPSS: 93%CPEs: 10EXPL: 9CVE-2016-4971 – GNU Wget < 1.18 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2016-4971
21 Jun 2016 — GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. GNU wget en versiones anteriores a 1.18 permite a servidores remotos escribir archivos arbitrarios redirigiendo una petición desde HTTP a una fuente FTP manipulada. It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expe... • https://packetstorm.news/files/id/162395 • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3655
https://notcve.org/view.php?id=CVE-2016-3655
12 Apr 2016 — The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. La interfaz web de administración en Palo Alto Networks PAN-OS en versiones anteriores a 5.0.18, 6.0.x en versiones anteriores a 6.0.13, 6.1.x en versiones anteriores a 6.1.10 y 7.0.x en versiones anteriores a 7.0.5 permite a atacantes remotos ejecutar comandos del SO arbitrarios a travé... • https://security.paloaltonetworks.com/CVE-2016-3655 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3656
https://notcve.org/view.php?id=CVE-2016-3656
12 Apr 2016 — The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request. El GlobalProtect Portal en Palo Alto Networks PAN-OS en versiones anteriores a 5.0.18, 6.0.x en versiones anteriores a 6.0.13, 6.1.x en versiones anteriores a 6.1.10 y 7.0.x en versiones anteriores a 7.0.5H2 permite a atacantes remotos provocar una denegación de servicio (caída de se... • https://security.paloaltonetworks.com/CVE-2016-3656 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2016-3657
https://notcve.org/view.php?id=CVE-2016-3657
12 Apr 2016 — Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request. Desbordamiento de buffer en el GlobalProtect Portal en Palo Alto Networks PAN-OS en versiones anteriores a 5.0.18, 6.0.x en versiones anteriores a 6.0.13, 6.1.x en versiones anteriores a 6.1.10 y 7.0.x en versiones anteriores a 7.0.... • https://security.paloaltonetworks.com/CVE-2016-3657 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3654
https://notcve.org/view.php?id=CVE-2016-3654
12 Apr 2016 — The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. La interfaz de línea de comandos (CLI) de administración de dispositivo en Palo Alto Networks PAN-OS en versiones anteriores a 5.0.18, 5.1.x en versiones anteriores a 5.1.11, 6.0.x en versiones anteriores a 6.0.13, 6.1.x en... • https://security.paloaltonetworks.com/CVE-2016-3654 • CWE-20: Improper Input Validation •