82 matches found
PT-2025-20552 · Radware · Radware Cloud Web Application Firewall
Name of the Vulnerable Software and Affected Versions: Radware Cloud Web Application Firewall WAF versions before 2025-05-07 Description: The issue allows remote attackers to bypass firewall filters by adding a special character to the request. There is a proof-of-concept demonstration of the...
Radware Cloud Web Application Firewall Vulnerable to Filter Bypass
Overview The Radware Cloud Web Application Firewall is vulnerable to filter bypass by multiple means. The first is via specially crafted HTTP request and the second being insufficient validation of user-supplied input when processing a special character. An attacker with knowledge of these...
German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested
German law enforcement authorities have announced the disruption of a criminal service called dstat.cc that made it possible for other threat actors to easily mount distributed denial-of-service DDoS attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those...
Radware AppDirector Bruteforce Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Radware AppDirector Bruteforce Login Utility', 'Description' = % This module scans for Radware AppDirector's web login portal, and performs login...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4JExploitation-VulnerabiliyCVE-2021-44228. !Untitled...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4JExploitation-VulnerabiliyCVE-2021-44228. !Untitled...
Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On
Companies worldwide have continued to receive extortion emails threatening to launch a distributed denial-of-service DDoS attack on their network, unless they pay up – with British foreign-exchange company Travelex reportedly being one recent high-profile threat recipient. Researchers said that...
Advanced protection for web applications in Azure with Radware’s Microsoft Security integration
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA here. The state of application security Companies face a wide range of security challenges, such as Open Source Foundation for Application Security Project OWASP vulnerabilities,...
DemonBot Fans DDoS Flames with Hadoop Enslavement
A Linux-based DDoS botnet dubbed DemonBot has been found enslaving Hadoop frameworks, using a vulnerability in Hadoop’s resource management tool to infect cloud servers with the botnet malware. Hadoop is a popular open-source framework, usually deployed in cloud environments, that organizations c...
New Facebook-Spread Malware Triggers Credential Theft, Cryptomining
A new malware campaign rapidly spreading via Facebook is infecting victims’ systems to steal their social media credentials and download cryptomining code. The malware, dubbed Nigelthorn by the Radware researchers who first discovered it, is being propagated via socially engineered links on...
JenX Botnet Has Grand Theft Auto Hook
Researchers at Radware have discovered a new botnet that uses vulnerabilities linked with the Satori botnet and is leveraging the Grand Theft Auto videogame community to infect IoT devices. Satori is a derivative of Mirai, the notorious botnet that in 2016 infamously managed to take down Dyn, a D...
CVE-2017-17427
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack "Bleichenbacher attack". This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...
CVE-2017-17427
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack "Bleichenbacher attack". This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...
Code injection
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack "Bleichenbacher attack". This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...
CVE-2017-17427
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack "Bleichenbacher attack". This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...
CVE-2017-17427
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack "Bleichenbacher attack". This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations...
CVE-2017-17427
CVE-2017-17427 concerns Radware Alteon devices with firmware 31.0.0.0–31.0.3.0, vulnerable to a Bleichenbacher adaptive-chosen ciphertext attack on RSA. This could enable decryption of observed RSA-encrypted traffic and conduct other private-key operations. Connected sources corroborate the vulne...
radware.com XSS vulnerability
Open Bug Bounty ID: OBB-242895 Description| Value ---|--- Affected Website:| radware.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Radware Man-in-the-Middle Attack Vulnerability
Radware is a series of application delivery intelligence solution products developed by Radware Israel. A security vulnerability exists in Radware devices. A remote attacker could exploit the vulnerability to obtain authentication keys and forge data...
CVE-2016-10212
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product...