Vulnerabilities > F5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-15 | CVE-2010-2266 | Path Traversal vulnerability in F5 Nginx nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. | 5.0 |
2010-06-15 | CVE-2010-2263 | Information Exposure vulnerability in F5 Nginx nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. | 5.0 |
2010-01-13 | CVE-2009-4487 | Unspecified vulnerability in F5 Nginx 0.7.64 nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. network f5 | 6.8 |
2009-12-24 | CVE-2009-4420 | Buffer Errors vulnerability in F5 products Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors. | 7.8 |
2009-11-24 | CVE-2009-3898 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. | 4.9 |
2009-11-24 | CVE-2009-3896 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. | 5.0 |
2009-09-15 | CVE-2009-2629 | Out-of-bounds Write vulnerability in multiple products Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. | 7.5 |
2009-08-24 | CVE-2008-7032 | Cross-Site Request Forgery (CSRF) vulnerability in F5 Big-Ip 9.4.3 Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form. | 6.8 |
2009-06-18 | CVE-2009-2119 | Cross-Site Scripting vulnerability in F5 Firepass SSL VPN Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter. | 4.3 |
2009-03-16 | CVE-2008-6474 | Code Injection vulnerability in F5 Tmos 9.4.3 The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection. | 9.0 |