exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 87 RSS Feed

Files

pan_src_b2.zip
Posted Nov 20, 1999
Authored by Simple Nomad | Site nmrc.org

Pandora v4 Beta 2 Full Source Code for Windows.

systems | windows
SHA-256 | db40217fe9c204f517fc1c297739c59110cd3db27f3c17085c141a05c0c4c1fa

Related Files

Palo Alto Networks Authenticated Remote Code Execution
Posted Sep 16, 2022
Authored by UnD3sc0n0c1d0, Mikhail Klyuchnikov, jheysel-r7, Nikita Abramov | Site metasploit.com

This Metasploit module exploits an OS command injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS versions prior to 10.0.1, 9.1.4 and 9.0.10.

tags | exploit, arbitrary, root
advisories | CVE-2020-2038
SHA-256 | bd8da0b51bb49981c02de534b677f79ab91e97edd6c6f772d526bed01cfe7f69
PAN-OS 10.0 Remote Code Execution
Posted Aug 9, 2022
Authored by UnD3sc0n0c1d0

PAN-OS version 10.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-2038
SHA-256 | c1282cb5ecd90e16f595092c1707c237e44c6b5bd2c379fcb5da77524df6d2c8
Pandora FMS 7.0NG.742 Remote Code Execution
Posted Jun 20, 2022
Authored by UNICORD

Pandora FMS version 7.0NG.742 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-5844
SHA-256 | ac39352c307623cf077326d3666bd28441606ec4116fc142efb301e832dae27d
Pandora FMS 7.54 Cross Site Scripting
Posted Jul 12, 2021
Authored by nu11secur1ty

Pandora FMS versions 7.54 and below suffer from a persistent cross site scripting vulnerability. This entry has been updated on 2021/07/23 with a fully automated version of the exploit.

tags | exploit, xss
advisories | CVE-2021-35501
SHA-256 | e75ede29d2db34274ca7f88965ac59c8b998641434d14fc01906dab37a2fd3e1
Pandora FMS 6.0SP3 Cross Site Scripting
Posted May 27, 2021
Authored by nu11secur1ty

Pandora FMS version 6.0SP3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-0527
SHA-256 | 3b6f367e28fda80ee9013841f4548d6f8dac15f5ef5c2407f7565d83c29588af
Pandora FMS 7.0 NG 750 SQL Injection
Posted Dec 22, 2020
Authored by Matthew Aberegg, Alex Prieto

Pandora FMS version 7.0 NG 750 suffers from a remote authenticated SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 94815c26559505298a1cb1fc0a69e0cedbaea0f40be9da21f98b28c6648ad498
Pandora FMS 7.0 NG 749 SQL Injection
Posted Nov 14, 2020
Authored by Matthew Aberegg, Alex Prieto

Pandora FMS version 7.0 NG 749 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 253dfa7a3e2d99996a09dec0b093012c662b738d84a7d09ccec7a3e7f7c02a96
Krpano Panorama Viewer 1.20.8 Cross Site Scripting
Posted Oct 6, 2020
Authored by Adriano Marcio Monteiro

Krpano Panorama Viewer versions 1.20.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 61b7d1777ea0ce74e001bb9d8572c8449ed98e6b6b43fda16fc7aab2e7daf620
Pandora FMS 7.0 NG 7XX Remote Command Execution
Posted Jul 11, 2020
Authored by Fernando Catoira, Erik Wynter, Julio Sanchez | Site metasploit.com

This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).

tags | exploit, web, arbitrary, shell, local, php
systems | linux, centos
advisories | CVE-2020-13851
SHA-256 | 8c2e13e57553407ba5b46b1cb763ce1bf256fd53ba20f8b4cb5a87d5d92785b0
Pandora FMS 7.0 NG 746 Script Insertion / Code Execution
Posted Jul 11, 2020
Authored by AppleBois

Pandora FMS 7.0 NG versions 746 and below remote code execution exploit that leverages cross site scripting. Requires administrator to perform an snmp scan with a cross site scripting payload.

tags | exploit, remote, code execution, xss
SHA-256 | 64e36d03c3089797faac90e20543e9c26c28b2c3f60a28025478ea83f9b2f677
PanaceaSoft Shell Upload
Posted May 29, 2020
Authored by SyFi

Various PanaceaSoft products appear to suffer from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | e7ff3b66bb7350d5b9bc20efd9077e3228ee400411b82793b4fee4a799111543
Pandora FMS Ping Authenticated Remote Code Execution
Posted Apr 6, 2020
Authored by Onur ER | Site metasploit.com

This Metasploit module exploits a vulnerability found in Pandora FMS 7.0NG and lower. net_tools.php in Pandora FMS 7.0NG allows remote attackers to execute arbitrary OS commands.

tags | exploit, remote, arbitrary, php
SHA-256 | 13c1b77ffe29ebb14e76ff947c09afeab3c3fd57df6d696dbd84ba9e2f67037a
Pandora FMS 7.0NG Remote Code Execution
Posted Apr 3, 2020
Authored by Basim Alabdullah

Pandora FMS version 7.0NG suffers from a net_tools.php remote code execution vulnerability.

tags | exploit, remote, php, code execution
SHA-256 | d454f418936799e9e87e21106791463980378279e2a5c88c06144c06c9fc338b
Pandora FMS 7.0 Authenticated Remote Code Execution
Posted Feb 13, 2020
Authored by Engin Demirbilek

Pandora FMS version 7.0 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-8947
SHA-256 | e8569c21b7bc7bcd154f048ee7b342645684557e5d7eed9343a3c351f795a4a4
Pandora 7.0NG Remote Code Execution
Posted Jan 10, 2020
Authored by Askar

Pandora version 7.0NG suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-20224
SHA-256 | c7b678b946009e18d848768f85e0b95db2768937faaea0950ebe94f56b370033
PaloAlto Networks Expedition Migration Tool 1.0.106 Information Disclosure
Posted Dec 4, 2018
Authored by ParagonSec

PaloAlto Networks Expedition Migration Tool version 1.0.106 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | f24c7c978f7320bb915189b7d445fdafb8a66dd4274c40db4e41a3cfebe3caa6
Palo Alto Networks readSessionVarsFromFile() Session Corruption
Posted May 7, 2018
Authored by H D Moore, Philip Pettersson | Site metasploit.com

This Metasploit module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to to exploit an XML injection issue, which is then abused to create an arbitrary directory, and finally gains root code execution by exploiting a vulnerable cron script. This Metasploit module uses an initial reverse TLS callback to stage arbitrary payloads on the target appliance. The cron job used for the final payload runs every 15 minutes by default and exploitation can take up to 20 minutes.

tags | exploit, arbitrary, root, vulnerability, code execution
advisories | CVE-2017-15944
SHA-256 | f9f9ce5b8abd0f8306e641f3db279345c840570cf53ebfcf9179efb66f27a90f
Palo Alto Networks PAN-OS Cookie Injection
Posted Dec 19, 2017
Authored by Zerial

Palo Alto Networks PAN-OS versions before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.

tags | exploit, remote, arbitrary
advisories | CVE-2017-15944
SHA-256 | 7be48f21d06d8e8fb84d281ea3b5bbbd64537ad06a4e2cece5e4add5ee476653
Palo Alto Networks Firewalls Remote Root Code Execution
Posted Dec 13, 2017
Authored by Philip Pettersson

Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on PAN-OS versions 6.1.18 and earlier, PAN-OS versions 7.0.18 and earlier, PAN-OS versions 7.1.13 and earlier, and PAN-OS versions 8.0.5 and earlier. Full details provided.

tags | exploit, web, root
advisories | CVE-2017-15944
SHA-256 | 423165abff379221a69928e849d6eaf810ce20df2beeebabe792f214c5f2d026
Panda Cloud Antivirus Free 18.0 Denial Of Service
Posted Apr 29, 2017
Authored by Peter Baris

Panda Cloud Antivirus Free version 18.0 suffers from a PSKMAD.sys denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | a6bac1e24962b0e5e457f5b1f41cfd2f18bc6f49630f5250be3fb14fadab90ef
Palo Alto Networks Terminal Services Agent 7.0.3-13 Integer Overflow
Posted Jan 31, 2017
Authored by Parvez Anwar

Palo Alto Networks Terminal Services Agent version 7.0.3-13 suffers from an integer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-5329
SHA-256 | e45c3f4e0cdee5a0f78e1af2cc44ac9e669a192a272936672aad7c5fe6575cb3
Panda Internet Security 17.0.1 Privilege Escalation
Posted Oct 28, 2016
Authored by Heliand Dema

Panda Internet Security version 17.0.1 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | 85c6106ae7d20271fb395f192579ec70aa06342ae7d88ad6c992ceda7befb047
Panda Security PSEvents Privilege Escalation
Posted Oct 22, 2016
Authored by h00die | Site metasploit.com

PSEvents.exe within several Panda Security products runs hourly with SYSTEM privileges. When run, it checks a user writable folder for certain DLL files, and if any are found they are automatically run. Vulnerable products include Panda Global Protection 2016 versions 16.1.2 and below, Panda Antivirus Pro 2016 versions 16.1.2 and below, Panda Small Business Protection versions 16.1.2 and below, and Panda Internet Security 2016 versions 16.1.2 and below.

tags | exploit
SHA-256 | 675a9794c4c179230ddd016c62462e8da69b4d5e807de5679903fd32ada74613
Panda 16.1.2 Local Privilege Escalation
Posted Jun 27, 2016
Authored by Ashraf Alharbi | Site security-assessment.com

Multiple Panda Security products are vulnerable to local privilege escalation. As the USERS group has write permissions over the folder where the PSEvents.exe process is located, it is possible to execute malicious code as Local System.

tags | advisory, local
SHA-256 | f2c3335b56476d81d249fe69f248bb45a5f8e46e582bf79a99ae8afe17b0dee0
Panda SM Manager 2.0.10 Certificate Validation Fail
Posted Mar 3, 2016
Authored by David Coomber

Panda SM Manager versions 2.0.10 and below fail to verify the SSL certificate they receive when connecting to a secure site.

tags | advisory
SHA-256 | dfe5300d2107330ced841e180c483ee653bc38ee91c0e0d2ee0ee149d923f6e8
Page 1 of 4
Back1234Next

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    12 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close