5 matches found
CVE-2017-14706
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/denyallwafexec.rb 2022-07-04 11:31:41+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/311 2025-02-06...
DenyAll Web Application Firewall Remote Code Execution (CVE-2017-14706)
An authentication bypass and code injection vulnerability has been reported in DenyAll Web Application Firewall. The vulnerability is due to an information disclosure and the way that DenyAll Web Application Firewall validates session IDs while authenticating users. Remote attackers can execute a...
Design/Logic Flaw
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...
CVE-2017-14706
CVE-2017-14706 affects DenyAll WAF before 6.4.1 and related DenyAll products (i-Suite LTS 5.5.0–5.5.12, i-Suite 5.6, Web Application Firewall 5.7 and 6.x) in On Premises or AWS/Azure deployments. The vulnerability allows unauthenticated remote attackers to obtain authentication information by sen...
CVE-2017-14706
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web...