Page 8 of 41 results (0.017 seconds)

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie. Vulnerabilidad XSS en la política de accesos de la página de logout (logout.inc) en F5 BIG-IP APM v10.1.0 hasta v10.2.4 y v11.1.0 hasta v11.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de la cookie LastMRH_Session. • http://secunia.com/advisories/54941 http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14712.html http://www.securityfocus.com/bid/62596 http://www.securitytracker.com/id/1029079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. La política de acceso en la página de inicio de sesión (logon.inc) en F5 BIG-IP APM v11.1.0 hasta v11.2.1 permite a atacantes remotos llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://secunia.com/advisories/54844 http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14700.html http://www.securitytracker.com/id/1029079 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de salto de directorio en una firma no especificada de un Applet Java en un componente client-side en F5 BIG-IP APM v10.1.0 hasta v10.2.4 y v11.0.0 hasta v11.3.0, FirePass v6.0.0 hasta v6.1.0 y v7.0.0, y otros productos "cuando APM se aprovisiona," permite que atacantes remotos puedan subir y ejecutar fichero de su elección a través de .. (punto punto) en el parámetro nombre de fichero. • http://secunia.com/advisories/53477 http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0

Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. Múltiples vulnerabilidades de inyección de SQL en sam/admin/reports/php/saveSettings.php en el APM WebGUI de F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, y Analytics y (2) AVR WebGUI en WebAccelerator y WOM 11.2.x anterior a la versión 11.2.0-HF3 y 11.2.x anterior a 11.2.1-HF3 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro defaultQuery. F5 BIG-IP versions 11.2.0 and below suffer from a remote SQL injection vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0094.html http://osvdb.org/89446 http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html http://secunia.com/advisories/51867 http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html http://www.securityfocus.com/bid/57500 https://exchange.xforce.ibmcloud.com/vulnerabilities/81457 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10&# • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.0EPSS: 0%CPEs: 37EXPL: 0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.1.64 y anteriores, y v5.5.26 y anteriores, permite a usuarios remotos autenticados a afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Information Schema. • http://rhn.redhat.com/errata/RHSA-2012-1462.html http://secunia.com/advisories/51177 http://secunia.com/advisories/51309 http://secunia.com/advisories/53372 http://secunia.com/advisories/56509 http://secunia.com/advisories/56513 http://security.gentoo.org/glsa/glsa-201308-06.xml http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html http://www.debian.org/security/2012/dsa-2581 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http:/&# •