
Files

Imperva SecureSphere WAF 11.5 Bypass
Posted Sep 14, 2018
Authored by Damien Cabrie

Imperva SecureSphere WAF version 11.5 suffers from a bypass vulnerability due to first validating that a Content-Type header must be passed.

tags | exploit, bypass
MD5 | 64e8407adb3a1ec56bc9a51ab5a506a1

Related Files

How To Exploit PHP Remotely To Bypass Filters And WAF Rules
Posted Dec 25, 2018
Authored by themiddleblue

Whitepaper called How to Exploit PHP Remotely to Bypass Filters and WAF Rules.

tags | paper, php
MD5 | 951bbbe0ecb41f1c347de656c6715e7e
Kemp Load Balancer WAF 7.2.40 Bypass
Posted Dec 15, 2017
Authored by Tim Kretschmann

Kemp load balancers with AFP WAF functionality versions 7.1.30 through 7.2.40 suffer from a POST bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2017-15524
MD5 | 65be9e2f8c7ec43b609c96eea736fc12
Barracuda WAF V360 Firmware 8.0.1.014 Support Tunnel Hijack
Posted Jul 7, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.

tags | exploit
MD5 | 25834f424ff04c0e96e8ca47d4c3bc69
Barracuda WAF V360 Firmware 8.0.1.014 Username / Session ID Leak
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

The Barracuda WAF management application transmits the current user and session identifier over HTTP GET. Firmware version 8.0.1.014 is affected.

tags | exploit, web
MD5 | 6a4ac3abbfee6355517319f7d35839ce
Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, may be trivially easy to crack. Firmware version 8.0.1.014 is affected.

tags | exploit
MD5 | 457c2a997735435dfef8ab76ca6ff141
Evading All Web-Application Firewalls XSS Filters
Posted Sep 9, 2015
Authored by Mazin Ahmed

This whitepaper documents shortcomings in various popular web application firewalls (WAFs) and how to trigger cross site scripting attacks regardless of the protections in place. Covered are F5 Big IP, Imperva Incapsula, AQTRONIX WebKnight, PHP-IDS, Mod-Security, Sucuri, QuickDefense, and Barracuda WAF.

tags | paper, web, xss
MD5 | 1cbaf237965d673f4610dd022d5eb934
WordPress Vulcan Theme XSS / Disclosure / DoS
Posted Jul 6, 2015
Authored by MustLive

WordPress Vulcan theme suffers from WAF bypass, cross site scripting, path disclosure, denial of service, and remote file upload vulnerabilities.

tags | exploit, remote, denial of service, vulnerability, xss, file upload
MD5 | 27385037f3f1211cd3f3417a99a527c9
SOPHOS WAF JSON Filter Bypass
Posted May 27, 2015
Authored by Glaudson Ocampos

SOPHOS WAF fails to mitigate SQL injection attacks leveraged via JSON.

tags | exploit, sql injection, bypass
MD5 | 15d2c9de301a1d486ae9791a56564c00
Applicure Dotdefender WAF 5.13-13282 Cross Site Scripting
Posted Mar 17, 2015
Authored by Akastep

Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | a9f92655da6950f9d0df2f27d09f42aa
Citrix Netscaler NS10.5 WAF Bypass
Posted Mar 14, 2015
Authored by Onur Alanbel, Bilgi Guvenligi

Citrix Netscaler NS10.5 suffers from a WAF bypass vulnerability via HTTP header pollution.

tags | exploit, web, bypass
MD5 | b13eeba41c1ad6e13975400397b59965
Barracuda WAF Authentication Bypass
Posted Aug 4, 2014
Authored by Nick Hayes | Site portcullis-security.com

It is possible to re-use a link which includes a non-expiring authentication token in the query string to gain access to the interface of the Barracuda Web Application Firewall (WAF) firmware version 7.8.1.013.

tags | exploit, web, bypass
advisories | CVE-2014-2595
MD5 | 642edeb502f95d2b0ada54de256848be
WAF-FLE ModSecurity Console 0.6.4
Posted Jul 27, 2014
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This release fixes many bugs reported by users, for waf-fle and mlog2waffle.
tags | tool
systems | unix
MD5 | 48ede2cc38d9920c654208d31b7e17c1
WAF-FLE ModSecurity Console 0.6.3
Posted Feb 6, 2014
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This release fixes many bugs reported by users, for waf-fle and mlog2waffle.
tags | tool
systems | unix
MD5 | 6e5cbb4f23bb844bd8afd88e4b8fac69
CloudFlare Versus Incapsula: Round 2
Posted Oct 30, 2013
Authored by LiquidWorm, Humberto Cabrera, Stefan Petrushevski | Site zeroscience.mk

This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web Application Firewall (WAF) solutions: Incapsula and Cloudflare. This test was designed to bypass security controls in place, in any possible way, circumventing whatever filters they have. Given the rise in application-level attacks, the goal of the test was to provide IT managers of online businesses with a comparison of these WAFs against real-world threats in simulated real-world conditions.

tags | paper, web
MD5 | e34c141844b6ea5bac3471427cb3e902
Imperva SecureSphere WAF MX 9.5.6 SQL Injection
Posted Oct 10, 2013
Authored by Mattia Folador, Giuseppe D'Amore

Imperva SecureSphere WAF MX version 9.5.6 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d7f4777d927f3e980ab8c99b62a98141
OWASP Xenotix XSS Exploit Framework 4
Posted Aug 16, 2013
Authored by Ajin Abraham | Site owasp.org

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

tags | tool, web, xss, proof of concept
MD5 | 222bf164f37e6376eff77b07e4801510
Barracuda LB / SVF / WAF / WEF Cross Site Scripting
Posted Jul 19, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda LB, SVF, WAF, and WEF products suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | ee5bea6c18d33423d3fc0053e6f5ab80
Dewafiles 4 Cross Site Request Forgery
Posted Jun 8, 2013
Authored by vir0e5

Dewafiles version 4 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 25b3b141a7a7fe0e2e22086837c94642
WAF-FLE ModSecurity Console 0.6.0
Posted Apr 26, 2013
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This release closes the release candidate cycle, fixing many bugs reported by users.
tags | tool
systems | unix
MD5 | f3dec07ec298f7ff017973fc9bccd70f
OWASP WAF Naxsi Bypass
Posted Mar 26, 2013
Authored by Safe3

OWASP WAF Naxsi suffers from a bypass vulnerability.

tags | exploit, bypass
MD5 | 05e5bf5bcd626e4317353226a15df84f
Address Application Layer Attacks With Mod Security
Posted Dec 18, 2012
Authored by Archana Sharma

This article sheds some light on concepts pertaining to the WAF-like feature functionality of mod_security in Apache.

tags | paper
MD5 | 2381d9eb80165ee0eb3b7356174869ee
dotDefender WAF 4.26 Format String
Posted Nov 16, 2012
Authored by Bernhard Mueller | Site sec-consult.com

Applicure dotDefender WAF versions 4.26 and below suffer from a format string vulnerability.

tags | advisory
MD5 | 6ddbce0bb1d4a694a440233f185a5d1f
WAF-FLE ModSecurity Console 0.6.0rc2
Posted Oct 26, 2012
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This release fixes an issue with new sensor creation.
tags | tool
systems | unix
MD5 | f688cd1f5f15d6720e99a63ef4b9e623
WAF-FLE ModSecurity Console 0.6.0rc1
Posted Oct 25, 2012
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This is a major release, with many new features, improvements, and bugfixes. You can now use filters in the dashboard. All charts and tables are clickable for drilling down into data. Compression of full events was implemented, saving around 60% of space. A setup script helps with dependency checking and database creation/migration. mlog2waffle was included - a daemon that works as a replacement to mlogc.
tags | tool
systems | unix
MD5 | a47e71f8b649fbdb6ef3e14a7f9078a0
Fortigate UTM WAF Appliance Cross Site Scripting
Posted Sep 18, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Fortigate UTM WAF Appliance suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 10c1336c6ca4cf59ab6eb2e558626699