EUVD-2009-1589
Malware in sbrugna...
EUVD-2009-1590
Malware in sbrugna...
EUVD-2009-0472
Malware in sbrugna...
Profense 2.2.20/2.4.2 Web Application Firewall Security Bypass Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/35053/info Profense Web Application Firewall is prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform various web-application attacks...
Profense Web Application Firewall 2.6.2 - CSRF/XSS Vulnerabilities
No description provided by source. Written By Michael Brooks Special thanks to str0ke! Affects: Profense Web Application Firewall XSRF and XSS Version: 2.6.2 download http://www.armorlogic.com/downloadsoftware.html Defenses against all OWASP Top Ten vulnerabilities Too bad it doesn't defend its...
CVE-2009-1745
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access...
Default credentials
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access...
CVE-2009-1745
Armorlogic Profense Web Application Firewall is affected: versions before 2.2.22 and 2.4.x before 2.4.4 use a default root password hash and allow password-based root logins over SSH. This enables remote attackers to obtain privileged access according to the CVE description. The vulnerability det...
Cross site scripting
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element...
CVE-2009-1593
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element...
CVE-2009-1594
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A encoded newline, as demonstrated by a %0A in a cross-site scripting (XSS) attack URL...
Cross site scripting
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A encoded newline, as demonstrated by a %0A in a cross-site scripting (XSS) attack URL...
CVE-2009-1593
CVE-2009-1593 in Armorlogic Profense Web Application Firewall is caused by the product not properly implementing the negative model, allowing XSS via a modified SCRIPT end tag. Affected versions are Profense WAF before 2.2.22 and 2.4.x before 2.4.4. The issue is documented alongside other vulnerab...
CVE-2009-1594
Armorlogic Profense Web Application Firewall is affected by CVE-2009-1594 in the positive model (white-list) implementation. Affected versions are Profense before 2.2.22 and 2.4.x before 2.4.4. The vulnerability allows remote attackers to bypass protection mechanisms by using a URL-encoded newlin...
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.
Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities. An advisory by EnableSecurity. Trustwave published a joint advisory named TWSL2009-001 ID: ES-20090500 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt Affected Versions: versions prior...
Armorlogic Profense Web Application Firewall multiple security vulnerabilities
Protection bypass, static default password...
Profense 2.2.20/2.4.2 - Web Application Firewall Security Bypass
source: https://www.securityfocus.com/bid/35053/info Profense Web Application Firewall is prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform various web-application attacks. Versions prior to the following ar...