CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 0CVE-2013-0150
https://notcve.org/view.php?id=CVE-2013-0150
09 Aug 2013 — Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de salto de directorio en una firma no especificada de un Applet Java en un componente client-side en F5 BIG-IP APM v10.1.0 hasta v10.2.... • http://secunia.com/advisories/53477 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 1%CPEs: 49EXPL: 1CVE-2012-3000 – F5 BIG-IP 11.2.0 SQL Injection
https://notcve.org/view.php?id=CVE-2012-3000
22 Jan 2013 — Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. Múltiples vulnerabilidades de inyección de SQL en sam/admin/reports/php/saveSettings.php en el APM WebGUI de F5 BIG-IP LTM, GTM,... • https://packetstorm.news/files/id/119739 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 37EXPL: 0CVE-2012-3163 – mysql: unspecified vulnerability related to Information Schema (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3163
17 Oct 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.1.64 y anteriores, y v5.5.26 y anteriores, permite a usuarios remotos autenticados a afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos ... • http://rhn.redhat.com/errata/RHSA-2012-1462.html •
CVSS: 9.1EPSS: 3%CPEs: 26EXPL: 0CVE-2011-3188 – kernel: net: improve sequence number generation
https://notcve.org/view.php?id=CVE-2011-3188
09 Sep 2011 — The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. Las implementaciones de (1) IPv4 y (2) IPv6 en el kernel de Linux antes de v3.1 utiliza una versión modificada de algoritmo MD4 para generar números de secuencia y val... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec •