98 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-34298 – Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2023-34298

14 Jun 2023 — Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-23-858 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.5EPSS: 34%CPEs: 39EXPL: 0

CVE-2022-21826

https://notcve.org/view.php?id=CVE-2022-21826

30 Sep 2022 — Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS. Pulse Secure versiones 9.115,y anteriores, pueden ser susceptibles de contrab... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync-Attack • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 8.3EPSS: 1%CPEs: 21EXPL: 0

CVE-2021-44720

https://notcve.org/view.php?id=CVE-2021-44720

11 Aug 2022 — In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role. En Ivanti Pulse Secure Pulse Connect Secure (PCS) versiones anteriores a 9.1R12, la contraseña del administrador se almacena en el código fuente HTML de la pantalla "Maintenance ) Push Configuration ) Targets ) Target ... • https://gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84 • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.8EPSS: 13%CPEs: 26EXPL: 0

CVE-2021-22965

https://notcve.org/view.php?id=CVE-2021-22965

19 Nov 2021 — A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. Una vulnerabilidad en Pulse Connect Secure versiones anteriores a 9.1R12.1, podría permitir a un administrador no autenticado causar una denegación de servicio cuando es enviada una petición malformada al dispositivo • https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44879/?kA13Z000000L3ZF • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.2EPSS: 9%CPEs: 13EXPL: 0

CVE-2021-22937

https://notcve.org/view.php?id=CVE-2021-22937

16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un administrador autenticado llevar a cabo una escritura de archivos por medio de un archivo malicioso cargado en la interfaz web del administrador. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0

CVE-2021-22936

https://notcve.org/view.php?id=CVE-2021-22936

16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un actor de amenazas llevar a cabo un ataque de tipo cross-site script contra un administrador autenticado por medio de un parámetro web no digitalizado. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 6%CPEs: 13EXPL: 0

CVE-2021-22935

https://notcve.org/view.php?id=CVE-2021-22935

16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un administrador autenticado llevar a cabo una inyección de comandos por medio de un parámetro web no saneado. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.2EPSS: 4%CPEs: 13EXPL: 0

CVE-2021-22934

https://notcve.org/view.php?id=CVE-2021-22934

16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un administrador autenticado o a un dispositivo Pulse Connect Secure comprometido en una configuración de carga equilibrada llevar a cabo un desbordamiento del búfer por medio de u... • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.2EPSS: 6%CPEs: 13EXPL: 0

CVE-2021-22938

https://notcve.org/view.php?id=CVE-2021-22938

16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podía permitir a un administrador autenticado llevar a cabo una inyección de comandos por medio de un parámetro web no saneado en la consola web del administrador. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.5EPSS: 6%CPEs: 13EXPL: 0

CVE-2021-22933

https://notcve.org/view.php?id=CVE-2021-22933

16 Aug 2021 — A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. Una vulnerabilidad en Pulse Connect Secure, versiones anteriores a 9.1R12, podría permitir a un administrador autenticado llevar a cabo una eliminación de archivos arbitraria por medio de una petición web maliciosamente diseñada. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •