CVE-2012-6599
https://notcve.org/view.php?id=CVE-2012-6599
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. La administración del dispositivo mediante el interfaz de comandos en Palo Alto Networks PAN-OS 4.0.x anterior a 4.0.8 y 4.1.x anterior a 4.1.1, permite a usuarios autenticados remotamente ejecutar comandos arbitrarios a través de vectores sin especificar. Aka Ref ID 34502. • https://security.paloaltonetworks.com/CVE-2012-6599 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2012-6598
https://notcve.org/view.php?id=CVE-2012-6598
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080. La administración del dispositivo mediante el interfaz de comandos en Palo Alto Networks PAN-OS 4.0.x anterior a 4.0.8, permite a usuarios autenticados remotamente ejecutar comandos arbitrarios a través de vectores sin especificar. Aka Ref ID 33080. • https://security.paloaltonetworks.com/CVE-2012-6598 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2012-6594
https://notcve.org/view.php?id=CVE-2012-6594
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299. La gestión del dispositivo a través del interfaz de comandos en Palo Alto Networks PAN-OS anterior a 3.1.11 y 4.0.x anterior a 4.0.8, y 4.1.x anterior a 4.1.1, permite a usuarios autenticados remotamente ejecutar comandos arbitrarios a través de vectores no especificados. Aka Ref ID 34299. • https://security.paloaltonetworks.com/CVE-2012-6594 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2012-6590
https://notcve.org/view.php?id=CVE-2012-6590
The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139. La aplicación de gestión web UI de Palo Alto Networks PAN-OS 4.0.x anterior a 4.0.8 permite a atacantes remotos obtener información de errores a través de datos de entrada manipulados. Aka Ref ID 33139. • https://security.paloaltonetworks.com/CVE-2012-6590 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-5663
https://notcve.org/view.php?id=CVE-2013-5663
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195. La característica App-ID cache en Palo Alto Networks PAN-OS anterior a 4.0.14, 4.1.x anterior a 4.1.11 y 5.0.x anterior a 5.0.2, permite a atacantes remotos evitar las políticas de seguridad establecidas a través de una petición que provoca un cacheo no válido, como se demostró mediante la identificación incorrecta del tráfico HTTP como tráfico SIP. Aka Ref ID 47195. • http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20%28Brad%20Woodberg%20-%20Final%29.pptx http://pastie.org/pastes/5568186/text http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update https://security.paloaltonetworks.com/CVE-2013-5663 • CWE-264: Permissions, Privileges, and Access Controls •