
CVE-2023-50969
https://notcve.org/view.php?id=CVE-2023-50969
28 Mar 2024 — Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468. • https://docs.imperva.com/bundle/v14.7-waf-administration-guide/page/9282.htm

CVE-2021-45468
https://notcve.org/view.php?id=CVE-2021-45468
14 Jan 2022 — Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. • https://github.com/0xhaggis/Imperva_gzip_bypass • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2011-5266
https://notcve.org/view.php?id=CVE-2011-5266
08 Jan 2020 — Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. • http://seclists.org/fulldisclosure/2011/May/163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2011-4887
https://notcve.org/view.php?id=CVE-2011-4887
11 Sep 2014 — Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field. • http://osvdb.org/79338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-0767
https://notcve.org/view.php?id=CVE-2011-0767
06 Jun 2011 — Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759. • http://secunia.com/advisories/44772 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-1329
https://notcve.org/view.php?id=CVE-2010-1329
15 Apr 2010 — Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation. • http://www.clearskies.net/documents/css-advisory-css1001-imperva.php