CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2010-2266 – Nginx 0.8.36 - Source Disclosure / Denial of Service
https://notcve.org/view.php?id=CVE-2010-2266
14 Jun 2010 — nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. nginx v0.8.36 permite a atacantes remotos provocar una denegación de servicio (mediante caída de la aplicación) a través de ciertas secuencias codificadas de salto de directorio que provocan corrupción de memoria, como se demuestra usando la secuencia "%c0.%c0." . • https://www.exploit-db.com/exploits/13818 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 10%CPEs: 3EXPL: 7CVE-2010-2263 – Nginx 0.8.36 - Source Disclosure / Denial of Service
https://notcve.org/view.php?id=CVE-2010-2263
14 Jun 2010 — nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. nginx 0.8 en versiones anteriores a la 0.8.40 y 0.7 en versiones anteriores a la 0.7.66, al ser ejecutado en Windows, permite a atacantes remotos obtener código fuente o contenido sin interpretar de ficheros de su elección que estén bajo la raíz de documentos web añadiendo ::$DATA a la URI. • https://packetstorm.news/files/id/181086 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2009-4487 – Nginx 0.7.64 - Terminal Escape Sequence in Logs Command Injection
https://notcve.org/view.php?id=CVE-2009-4487
13 Jan 2010 — nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. nginx v0.7.64, escribe datos en un archivo de los sin depurar los caracteres no escribibles, lo que podría permitir a atacantes remotos modificar la ventana de título, o posiblemente ejecutar comandos de su elección o sobrescribir ... • https://www.exploit-db.com/exploits/33490 •
CVSS: 7.8EPSS: 2%CPEs: 11EXPL: 0CVE-2009-4420
https://notcve.org/view.php?id=CVE-2009-4420
24 Dec 2009 — Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer en el demonio bd en F5 Networks BIG-IP Application Security Manager (ASM) v9.4.4 hasta v9.4.7 y v10.0.0 hasta v10.... • http://osvdb.org/61297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 283EXPL: 2CVE-2009-3896
https://notcve.org/view.php?id=CVE-2009-3896
24 Nov 2009 — src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. src/http/ngx_http_parse.c en nginx (como Engine X) v0.1.0 hasta v0.4.14, v0.5.x anterior v0.5.38, v0.6.x anterior v0.6.39, v0.7.x anterior v0.7.62, y v0.8.x anterior 0.8.14 permite a atacantes remotos causar una denegación de servic... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 285EXPL: 2CVE-2009-3898 – Nginx 0.7.61 - WebDAV Directory Traversal
https://notcve.org/view.php?id=CVE-2009-3898
24 Nov 2009 — Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. Vulnerabilidad de salto de directorio en src/http/modules/ngx_http_dav_module.c en nginx (como Engine X) anterior v0.7.63, y v0.8.x anterior v0.8.17, permite a usuarios autentificados remotamente crear y s... • https://www.exploit-db.com/exploits/9829 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 6CVE-2009-3555 – Mozilla NSS - NULL Character CA SSL Certificate Validation Security Bypass
https://notcve.org/view.php?id=CVE-2009-3555
09 Nov 2009 — The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other... • https://www.exploit-db.com/exploits/10071 • CWE-295: Improper Certificate Validation CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 9.8EPSS: 92%CPEs: 10EXPL: 1CVE-2009-2629 – Nginx 0.6.38 - Heap Corruption
https://notcve.org/view.php?id=CVE-2009-2629
15 Sep 2009 — Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Desbordamiento de búfer inferior en src/http/ngx_http_parse.c en nginx v0.1.0 a la v0.5.37, v0.6.x a la v0.6.39, v0.7.x a la v0.7.62, y v0.8.x anterior a v0.8.15, permite a atacantes ejecutar código de su elección a través de peticiones HTTP manipuladas. • https://www.exploit-db.com/exploits/14830 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 2CVE-2008-7032 – F5 BIG-IP 9.4.3 - Web Management Interface Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2008-7032
24 Aug 2009 — Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form. Vulnerabilidad de falsificación de petición cruzada en sitios cruzados (CSRF) en la consola de gestión web en F5 BIG-IP v9.4.3 permite a atacantes remotos secuestrar la autenticación de los administradores pa... • https://www.exploit-db.com/exploits/31133 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2009-2119
https://notcve.org/view.php?id=CVE-2009-2119
18 Jun 2009 — Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter. Vulnerabilidad de ejecución de secuencias de comandos cruzados(XSS) en el interface de autenticación de F5 FirePass SSL VPN v5.5 hasta v5.5.2 y 6.0 hasta v6.0.3 , permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un campo... • http://osvdb.org/55040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •