This whitepaper discusses various web application firewall bypass methodologies. Written in Turkish.
d04d9dc9ed267c9142d78a1a35f38d8397df4345faa4d26a2221dd442c5ad695
BlogEngine.NET version 1.6.x suffers from path disclosure, unauthorized access, directory traversal, and file upload vulnerabilities.
2218806e3d191f516f3002551168e102ee120af9f6953f1384c30b96f3413f98
The calendar application for Apache Tomcat contains invalid HTML which renders the cross site scripting protection for the time parameter ineffective. An attacker can therefore perform an cross site scripting attack using the time attribute. Version affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.
2fd4d18e046935391c0b4eb23d19aed3bf6cd14d57e11ae2522468cf694b91a4
Fujitsu Web-Based Admin View version 2.1.2 suffers from a directory traversal vulnerability.
9346267fb836e3abbe4ae26b5494f37f1a97d864da56456cc63bc045d54d3c34
IBM MRO MAXIMO versions 4.1 and 5.2 suffer from cross site scripting and information disclosure vulnerabilities.
ca60b29f62d445c4b816c1b20f895b671b0878aff48c7c34b6b5dce290e3012c
The Oracle Application Server Portal 10G suffers from an authentication bypass vulnerability. Details are provided.
0c2ed4b2c1e511b8299cfe9fcacff6058ce880614d068dd399bb8d9b4104f115
The Zyxel ZYWall 100 suffers from a cross site scripting vulnerability via the Referer: header.
cc7041be52252b1ce26e0f38eb43a0dd6aeeb46b920bb6dfa9085716ca030fd5
SonicWall E-mail Security version 6.1.1 suffers from a cross site scripting vulnerability via the Host: header.
f7fcac283c39a39b7ba7514782f15b4fc283957bfc523140dbe2cbdef590cfd5