72 matches found
OWASP Coraza WAF 资源管理错误漏洞
OWASP Coraza WAF is a golang modsecurity-compatible web application firewall library in the Coraza open source. A resource management error vulnerability exists in OWASP Coraza WAF version 3.0.0, which stems from misuse of log.Fatalf and causes applications using coraza to crash after receiving a...
SUSE CVE-2023-38199
coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...
The vulnerability of FortiWeb web applications’ network firewalls stems from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of FortiWeb web applications’ network firewalls is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted...
Fortinet FortiADC 安全漏洞
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A security vulnerability exists in Fortinet FortiADC versions 5.0, 6.0.0, 6.1.0, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. An attacker could exploit the vulnerability to perform SQL injection and cross-site scripting...
CVE-2021-28130
Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary e.g., frwlsvc.exe bypasses firewall filters...
Dr.Web Firewall 代码问题漏洞
Dr.Web Firewall is a network firewall from the Russian company Dr.Web. A code issue vulnerability exists in Dr.Web Firewall that originates from Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A custom loaded DLL in a legitimate binary e.g. frwlsvc.exe...
MONITORAPP Application Insight Web Application Firewall 输入验证错误漏洞
MONITORAPP Application Insight Web Application Firewall AIWAF is an application firewall from MONITORAPP Corporation in South Korea. The MONITORAPP Application Insight Web Application Firewall suffers from an input validation error vulnerability that stems from a lack of input validation for one ...
OWASP ModSecurity Core Rule Set 安全漏洞
The OWASP ModSecurity Core Rule Set CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in the OWASP ModSecurity Core Rule Set that stems from inadequate implementation of security measures in the default...
CVE-2020-27728
On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon AVRD may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices...
Authentication Error Vulnerability in Multiple F5 Products
F5 BIG-IP ASM and others are products of F5 Corporation, U.S.A. F5 BIG-IP ASM is a Web Application Firewall WAF, and F5 Enterprise Manager is a tool that provides a view of the entire BIG-IP Application Delivery Infrastructure and optimizes application performance.F5 BIG-IQ is a set of...
WAFW00F v1.0.0 - Detect All The Web Application Firewall!
WAFW00F identifies and fingerprints Web Application Firewall WAF products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...
SonicWall SonicOS NSA Filter Bypass
Document Title: =============== SonicWall SonicOS NSA - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1729 Release Date: ============= 2018-01-04 Vulnerability Laboratory ID VL-ID: ====================================...
GTA Firewall GB-OS 6.2.02 Script Insertion
Document Title: =============== GTA Firewall GB-OS v6.2.02 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1713 Release Date: ============= 2016-02-24 Vulnerability Laboratory ID VL-ID:...
GTA WAF GB-OS v6.2.02 - Bypass & Persistent Vulnerability
Document Title: =============== GTA WAF GB-OS v6.2.02 - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1713 Release Date: ============= 2016-02-24 Vulnerability Laboratory ID VL-ID: ====================================...
Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability
Document Title: =============== Barracuda Networks 35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1101 Barracuda Networks Security ID BNSEC: BNSEC-2361...
Barracuda Firewall 6.1.5 - Bypass&Persistent Vulnerabilities
Document Title: =============== Barracuda Firewall 6.1.5 - Bypass&Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1065 Barracuda Networks Security ID BNSEC: BNSEC-2067...
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent
Document Title: =============== Barracuda Networks 35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1101 Barracuda Networks Security ID BNSEC: BNSEC-2361...
Barracuda Web Firewall 660 Firmware 7.3.1.007 - Vulnerability
No description provided by source. Pentest Information: ==================== GESEC Team remove discover a input validation vulnerability on Barracuda - Web Application Firewall 660 Appliance. A remote attacker is able to get sensitive customer sessions hijackor can implement script routines &...
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities
No description provided by source. Document Title: =============== Barracuda Bug Bounty 30 Firewall - Multiple Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1065 Barracuda Networks Security ID BNSEC: BNSEC-2067 Video:...
Barracuda Web Firewall 6.1.0.016 Cross Site Scripting
Document Title: =============== Barracuda Networks Bug Bounty 31 Firewall - Persistent Access Policy Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1070 Barracuda Networks Security ID BNSEC: BNSEC-2068 Release Date: ============= 2014-02-2...