Page 6 of 29 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0

Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. Múltiples vulnerabilidades de inyección de SQL en sam/admin/reports/php/saveSettings.php en el APM WebGUI de F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, y Analytics y (2) AVR WebGUI en WebAccelerator y WOM 11.2.x anterior a la versión 11.2.0-HF3 y 11.2.x anterior a 11.2.1-HF3 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro defaultQuery. F5 BIG-IP versions 11.2.0 and below suffer from a remote SQL injection vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0094.html http://osvdb.org/89446 http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html http://secunia.com/advisories/51867 http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html http://www.securityfocus.com/bid/57500 https://exchange.xforce.ibmcloud.com/vulnerabilities/81457 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10&# • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.0EPSS: 0%CPEs: 37EXPL: 0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.1.64 y anteriores, y v5.5.26 y anteriores, permite a usuarios remotos autenticados a afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Information Schema. • http://rhn.redhat.com/errata/RHSA-2012-1462.html http://secunia.com/advisories/51177 http://secunia.com/advisories/51309 http://secunia.com/advisories/53372 http://secunia.com/advisories/56509 http://secunia.com/advisories/56513 http://security.gentoo.org/glsa/glsa-201308-06.xml http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html http://www.debian.org/security/2012/dsa-2581 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http:/&# •

CVSS: 7.8EPSS: 27%CPEs: 114EXPL: 4

F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. El dispositivo F5 BIG-IP v9.x anteriores a v9.4.8-HF5, v10.x anteriores a v10.2.4, v11.0.x anteriores a v11.0.0-HF2, y v11.1.x anteriores a v11.1.0-HF3, y Enterprise Manager anteriores a v2.1.0-HF2, v2.2.x anteriores a v2.2.0-HF1, y v2.3.x anteriores a v2.3.0-HF3, usa una clave privada SSH en distintas instalaciones de clientes, y no restringe el acceso a la mismas de forma adecuada, lo que facilita a atacantes remotos hacer login SSH a través de la opción PubkeyAuthentication. F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. • https://www.exploit-db.com/exploits/19064 https://www.exploit-db.com/exploits/19091 https://www.exploit-db.com/exploits/19099 http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb https://www.trustmatta.com/advisories/MATTA-2012-002.txt • CWE-255: Credentials Management Errors •

CVSS: 9.1EPSS: 1%CPEs: 26EXPL: 0

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. Las implementaciones de (1) IPv4 y (2) IPv6 en el kernel de Linux antes de v3.1 utiliza una versión modificada de algoritmo MD4 para generar números de secuencia y valores de los fragmentos de identificación, lo que hace que sea más fácil para los atacantes remotos causar una denegación de servicio (red interrumpida) o secuestrar sesiones de red mediante la predicción de estos valores y el envío de paquetes manipulados. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bc0b96b54a21246e377122d54569eef71cec535f http://marc.info/?l=bugtraq&m=139447903326211&w=2 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 http://www.openwall.com/lists/oss-security/2011/08/23/2 https://bugzilla.redhat.com/show_bug.cgi?id=732658 https://github.com/torval •