6 matches found

OSV
added 2023/03/02 12:14 a.m., 11 views

CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to a bypass of its common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...

CVSS 6.5, AI score 6.2, EPSS 0.00644
Exploits 0, References 5
Github Security Blog
added 2021/09/22 8:37 p.m., 46 views

Improperly Implemented path matching for in-toto-golang

Impact: Authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys may issue an attestation that contains a disallowed artifact ...

CVSS 6.5, AI score 3, EPSS 0.00298
Exploits 0, References 4, Affected Software 1
Debian CVE
added 2019/07/09 6:7 p.m., 20 views

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVSS 7.5, AI score 7.6, EPSS 0.00237
Exploits 1
Veracode
added 2017/02/08 7:36 a.m., 16 views

Bypassing Neutron Security Group Rules

nova-lxd has a flaw that leads to a bypass of Neutron Security Group Rules applied to a Nova-LXD instance. The vulnerability is possible because it does not properly name the veth pairs, causing the network traffic to/from external hosts to be incorrectly allowed...

CVSS 7.5, AI score 7.3, EPSS 0.02467
Exploits 0, References 6, Affected Software 1
UbuntuCve
added 2014/04/15 10:55 a.m., 16 views

CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

CVSS 5, AI score 6.4, EPSS 0.00842
Exploits 2, References 2
NVD
added 2007/03/08 10:19 p.m., 14 views

CVE-2007-1359

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

CVSS 6.8, AI score 6.7, EPSS 0.23497
Exploits 1, References 15