Lucene search
K

111 matches found

NVD
NVD
added 2022/09/02 6:15 p.m.21 views

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

9.8CVSS0.01029EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/02 12:0 a.m.4 views

PT-2022-8647 · Unknown +1 · Modsecurity +2

Name of the Vulnerable Software and Affected Versions: Modsecurity owasp-modsecurity-crs version 3.2.0 Description: The issue allows attackers to bypass Modsecurity WAF protection using comment characters and variable assignments in SQL syntax, enabling them to implement SQL injection attacks on...

9.8CVSS7.9AI score0.02542EPSS
Exploits4References42
Cvelist
Cvelist
added 2022/09/02 12:0 a.m.37 views

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

9.8AI score0.01029EPSS
Exploits1References3
CVE
CVE
added 2022/09/02 12:0 a.m.73 views

CVE-2020-22669

CVE-2020-22669 affects the OWASP ModSecurity CRS; a SQL injection bypass exists in ModSecurity CRS versions including 3.2.0 PL1. Reports describe bypass via SQL syntax comments/variable assignments that defeat CRS protections. Debian and Mageia advisories indicate remediation by upgrading CRS to ...

9.8CVSS9.6AI score0.01029EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2021/11/05 6:15 p.m.23 views

CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8CVSS0.02542EPSS
Exploits1References8
OSV
OSV
added 2021/11/05 6:15 p.m.19 views

CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8CVSS6.7AI score0.02542EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2021/11/05 6:15 p.m.47 views

CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8CVSS7.1AI score0.02542EPSS
Exploits1References2
Prion
Prion
added 2021/11/05 6:15 p.m.24 views

Cross site request forgery (csrf)

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

7.5CVSS9.3AI score0.02542EPSS
Exploits1References8Affected Software3
Cvelist
Cvelist
added 2021/11/05 12:0 a.m.36 views

CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.6AI score0.02542EPSS
Exploits1References8
CVE
CVE
added 2021/11/05 12:0 a.m.85 views

CVE-2021-35368

CVE-2021-35368 affects OWASP ModSecurity Core Rule Set (CRS) 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 via a Request Body Bypass caused by a trailing pathname. The issue is validated across multiple advisories: GLSA-202305-25 (Gentoo) instructs upgrading to CRS 3.2.2 or 3.3.3...

9.8CVSS9.2AI score0.02542EPSS
Exploits1References8Affected Software1
Kitploit
Kitploit
added 2021/04/10 9:30 p.m.533 views

Gotestwaf - Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques

An open-source Go project to test different web application firewalls WAF for detection logic and bypasses. How it works It is a 3-steps requests generation process that multiply amount of payloads to encoders and placeholders. Let's say you defined 2 payloads, 3 encoders Base64, JSON, and...

7.1AI score
Exploits0References1
NVD
NVD
added 2019/07/09 7:15 p.m.40 views

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

7.5CVSS7.6AI score0.01466EPSS
Exploits1References2
OSV
OSV
added 2019/07/09 7:15 p.m.32 views

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

7.5CVSS7AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/07/09 7:15 p.m.34 views

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

7.5CVSS7.1AI score0.01466EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/07/09 6:7 p.m.33 views

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

8.1AI score0.01466EPSS
Exploits1References2
NVD
NVD
added 2019/04/21 2:29 a.m.20 views

CVE-2019-11391

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with $a at the beginning and nested repetition operators. NOTE: the softwa...

5.3CVSS5.3AI score0.01625EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/04/21 2:29 a.m.21 views

CVE-2019-11390

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with seterrorhandler at the beginning and nested repetition operators. NOT...

5.3CVSS6.1AI score0.01671EPSS
Exploits1References2
OSV
OSV
added 2019/04/21 2:29 a.m.12 views

CVE-2019-11387

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with nested repetition operators...

5.3CVSS6.8AI score0.02375EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/04/21 2:29 a.m.20 views

CVE-2019-11387

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with nested repetition operators...

5.3CVSS6.1AI score0.02375EPSS
Exploits0References2
OSV
OSV
added 2019/04/21 2:29 a.m.9 views

CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

5.3CVSS5.1AI score
Exploits0References2
Rows per page
Query Builder