2 matches found
Multiple DenyAll Product Authentication Vulnerabilities
DenyAll i-Suite LTS and others are Web firewall products from DenyAll France. An authentication vulnerability exists in several DenyAll products. A remote attacker can exploit this vulnerability by sending a typeOf=debug request to the /webservices/download/index.php file and reading the iToken...
CVE-2017-14705
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...