Page 9 of 66 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la interfaz de administración en Palo Alto Networks PAN-OS 7.x en versiones anteriores a 7.0.8 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario a través de vectores no especificados. • http://www.securitytracker.com/id/1036192 https://security.paloaltonetworks.com/CVE-2016-2219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 95%CPEs: 10EXPL: 7

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. GNU wget en versiones anteriores a 1.18 permite a servidores remotos escribir archivos arbitrarios redirigiendo una petición desde HTTP a una fuente FTP manipulada. It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution. • https://www.exploit-db.com/exploits/49815 https://www.exploit-db.com/exploits/40064 https://github.com/gitcollect/CVE-2016-4971 https://github.com/mbadanoiu/CVE-2016-4971 https://github.com/dinidhu96/IT19013756_-CVE-2016-4971- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1 http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00043.html http://packetstormsecurity.com/files • CWE-73: External Control of File Name or Path •

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0

The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. La interfaz web de administración en Palo Alto Networks PAN-OS en versiones anteriores a 5.0.18, 6.0.x en versiones anteriores a 6.0.13, 6.1.x en versiones anteriores a 6.1.10 y 7.0.x en versiones anteriores a 7.0.5 permite a atacantes remotos ejecutar comandos del SO arbitrarios a través de una llamada API no especificada. • https://security.paloaltonetworks.com/CVE-2016-3655 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. La interfaz de línea de comandos (CLI) de administración de dispositivo en Palo Alto Networks PAN-OS en versiones anteriores a 5.0.18, 5.1.x en versiones anteriores a 5.1.11, 6.0.x en versiones anteriores a 6.0.13, 6.1.x en versiones anteriores a 6.1.10 y 7.0.x en versiones anteriores a 7.0.5H2 permite a administradores remotos autenticados ejecutar comandos del SO arbitrarios a través de un parámetro de comando SSH. • https://security.paloaltonetworks.com/CVE-2016-3654 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request. El GlobalProtect Portal en Palo Alto Networks PAN-OS en versiones anteriores a 5.0.18, 6.0.x en versiones anteriores a 6.0.13, 6.1.x en versiones anteriores a 6.1.10 y 7.0.x en versiones anteriores a 7.0.5H2 permite a atacantes remotos provocar una denegación de servicio (caída de servicio) a través de una petición manipulada. • https://security.paloaltonetworks.com/CVE-2016-3656 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •