Paloaltonetworks

Expedition

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.2

CVE-2025-0103

  • EPSS 0.23%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 11.01.2025 03:15:22

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables ...

7

CVE-2025-0104

  • EPSS 0.43%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 11.01.2025 03:15:22

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious li...

6.9

CVE-2025-0105

  • EPSS 1.16%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 11.01.2025 03:15:22

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

6.9

CVE-2025-0106

  • EPSS 0.41%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 11.01.2025 03:15:22

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.

7.7

CVE-2025-0107

  • EPSS 35.13%
  • Veröffentlicht 11.01.2025 03:15:22
  • Zuletzt bearbeitet 15.01.2025 23:15:10

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device conf...

6.5

CVE-2024-9464

  • EPSS 85.04%
  • Veröffentlicht 09.10.2024 17:15:20
  • Zuletzt bearbeitet 17.10.2024 06:15:04

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device A...

9.1

CVE-2024-9465

Warnung Exploit
  • EPSS 94.24%
  • Veröffentlicht 09.10.2024 17:15:20
  • Zuletzt bearbeitet 04.11.2025 16:49:01

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also c...

6.5

CVE-2024-9466

  • EPSS 18.99%
  • Veröffentlicht 09.10.2024 17:15:20
  • Zuletzt bearbeitet 17.10.2024 06:15:04

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.

6.1

CVE-2024-9467

  • EPSS 1.34%
  • Veröffentlicht 09.10.2024 17:15:20
  • Zuletzt bearbeitet 15.10.2024 15:09:13

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead t...

7.5

CVE-2024-9463

Warnung
  • EPSS 94.2%
  • Veröffentlicht 09.10.2024 17:15:19
  • Zuletzt bearbeitet 04.11.2025 16:48:57

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device...