
23 matches found

NVD
added yesterday, 7 views

CVE-2026-35025

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

CVSS 8.6
Exploits: 0, References: 3
CVE
added yesterday, 10 views

CVE-2026-35025

ProFTPD versions affected: 1.3.9b and 1.3.10rc2. Issue: an access control bypass in the RNFR path handling allows authenticated FTP users to bypass Directory ACL restrictions by prefixing paths with /proc/self/root. Root cause: unresolved symlink components in dir_canonical_path() cause dir_check...

CVSS 8.6, AI score 5.9
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-6202

Malware in sbrugna...

CVSS 9.3, AI score 8.2, EPSS 0.0736
Exploits: 1, References: 4
Veeam
added 2025/09/11 12:0 a.m., 14 views

Azure Block Mode Export Failure Due to NetworkAccessPolicyIsDenyAll with Veeam Kasten

Challenge: If using Veeam Kasten to protect persistent volumes provisioned with the Azure Disk CSI provisioner, and encounter the following error during the block mode export phase of a policy run: Failure in exporting restorepoint with log details similar to: Access not permitted for resource...

AI score 7
Exploits: 0
RedhatCVE
added 2025/05/22 11:5 a.m., 7 views

CVE-2017-14706

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web...

CVSS 9.8, AI score 6.9, EPSS 0.28243
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 6:32 a.m., 6 views

CVE-2017-14705

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...

CVSS 9.8, AI score 7.5, EPSS 0.28243
Exploits: 3, References: 1
Kitploit
added 2019/05/14 12:43 p.m., 169 views

WAFW00F v1.0.0 - Detect All The Web Application Firewall!

WAFW00F identifies and fingerprints Web Application Firewall (WAF) products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

AI score 7.2
Exploits: 0, References: 3
Check Point Advisories
added 2017/10/08 12:0 a.m., 1 views

DenyAll Web Application Firewall Remote Code Execution (CVE-2017-14706)

An authentication bypass and code injection vulnerability has been reported in DenyAll Web Application Firewall. The vulnerability is due to an information disclosure and the way that DenyAll Web Application Firewall validates session IDs while authenticating users. Remote attackers can execute a...

CVSS 7.5, AI score 8.9, EPSS 0.28243
Exploits: 2
CNVD
added 2017/09/25 12:0 a.m., 1 views

Remote Code Execution Vulnerability in Multiple DenyAll Products

DenyAll i-Suite LTS and others are Web firewall products from DenyAll France. A remote code execution vulnerability exists in several DenyAll products. A remote attacker could exploit this vulnerability to execute commands on TCP port 3001...

CVSS 9.3, AI score 8.4, EPSS 0.0736
Exploits: 1, References: 1
CNVD
added 2017/09/25 12:0 a.m., 1 views

Multiple DenyAll Product Authentication Vulnerabilities

DenyAll i-Suite LTS and others are Web firewall products from DenyAll France. An authentication vulnerability exists in several DenyAll products. A remote attacker can exploit this vulnerability by sending a typeOf=debug request to the /webservices/download/index.php file and reading the iToken...

CVSS 9.8, AI score 7.1, EPSS 0.28243
Exploits: 2, References: 1
Packet Storm
added 2017/09/23 12:0 a.m., 73 views

DenyAll Web Application Firewall Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DenyAll Web Application Firewall Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of DenyAll We...

AI score 7.4
Exploits: 0
OSV
added 2017/09/22 6:29 p.m., 1 views

CVE-2017-14705

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...

CVSS 8.1, AI score 5.9, EPSS 0.0736
Exploits: 1, References: 3
Prion
added 2017/09/22 6:29 p.m., 12 views

Authentication flaw

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web...

CVSS 7.5, AI score 8, EPSS 0.28243
Exploits: 2, References: 3, Affected Software: 2
NVD
added 2017/09/22 6:29 p.m., 11 views

CVE-2017-14705

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...

CVSS 9.3, AI score 9.3, EPSS 0.0736
Exploits: 1, References: 3
NVD
added 2017/09/22 6:29 p.m., 13 views

CVE-2017-14706

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web...

CVSS 9.8, AI score 8.1, EPSS 0.28243
Exploits: 2, References: 3
Prion
added 2017/09/22 6:29 p.m., 13 views

Design/Logic Flaw

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...

CVSS 9.3, AI score 9.3, EPSS 0.28243
Exploits: 3, References: 3, Affected Software: 2
Cvelist
added 2017/09/22 6:0 p.m., 15 views

CVE-2017-14705

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...

AI score 8.9, EPSS 0.0736
Exploits: 1, References: 3
Cvelist
added 2017/09/22 6:0 p.m., 14 views

CVE-2017-14706

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web...

AI score 8.5, EPSS 0.28243
Exploits: 2, References: 3
CVE
added 2017/09/22 6:0 p.m., 48 views

CVE-2017-14706

CVE-2017-14706 affects DenyAll WAF before 6.4.1 and related DenyAll products (i-Suite LTS 5.5.0–5.5.12, i-Suite 5.6, Web Application Firewall 5.7 and 6.x) in On Premises or AWS/Azure deployments. The vulnerability allows unauthenticated remote attackers to obtain authentication information by sen...

CVSS 9.8, AI score 8.4, EPSS 0.28243
Exploits: 2, References: 3, Affected Software: 2
CVE
added 2017/09/22 6:0 p.m., 47 views

CVE-2017-14705

CVE-2017-14705: DenyAll Web Application Firewall (WAF) before 6.4.1 permits unauthenticated remote command execution via TCP port 3001. The flaw enables insertion of shell metacharacters into the type parameter of the tailDateFile function located at /webservices/stream/tail.php. An iToken authen...

CVSS 9.3, AI score 9.2, EPSS 0.0736
Exploits: 1, References: 3, Affected Software: 2