Skip to main content

I Suite

2 CVEs product

Monthly

CVE-2017-14706 CRITICAL POC THREAT Emergency

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.4%.

Microsoft Authentication Bypass PHP I Suite Web Application Firewall
NVD GitHub
CVSS 3.0
9.8
EPSS
72.4%
Threat
5.6
CVE-2017-14705 HIGH POC This Week

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Microsoft Command Injection I Suite Web Application Firewall
NVD GitHub
CVSS 3.0
8.1
EPSS
4.4%
EPSS 72% 5.6 CVSS 9.8
CRITICAL POC THREAT Emergency

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.4%.

Microsoft Authentication Bypass PHP +2
NVD GitHub
EPSS 4% CVSS 8.1
HIGH POC This Week

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Microsoft Command Injection +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy