It is possible to execute an arbitrary command with root privileges on phion netfence 4.0.x, phion netfence versions prior to 4.2.15 and NG Firewall versions prior to 5.0.2 boxes with an activated external authentication scheme (i.e. Active Directory). An attacker who knows an admin's username is able to execute arbitrary shell commands during the SSH login procedure on the box. Knowledge of the admin's password is not required.
fee59e2c3c8776e6ab9ed6abb4364a9562154ddc30dfed06de24b65179dd71f4
The Radware AppWall Web Application Firewall suffers from a source code disclosure vulnerability on the management interface. Gateway version 4.6.0.2 and AppWall version 1.0.2.6 are affected.
ebbeea0950171e622c7bc542b1f4ad855b5faa91b899e0552ab2e02824b79374
The phion airlock Web Application Firewall version 4.1-10.41 suffers from denial of service and arbitrary command execution vulnerabilities.
9c254d04a6934a033c0c2d9e8afcf865cf7055ec4333f2cd6d9a21ef128d42c5
The Artofdefence Hyperguard Web Application Firewall versions 3.1.1-11637 and below, 3.0.3-11636 and below, and 2.5.5-11635 and below suffer from a remote denial of service vulnerability.
077fa1d7da95167820fcb7c5c476adaf80128eb524005dba79c0191d3114b29b