CVE-2015-8240

The Traffic Management Microkernel TMM in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers...

F5 Networks BIG-IP : OpenSSL vulnerability (SOL33209124) (deprecated)

ssl/s2srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the getclientmasterkey and...

F5 Networks BIG-IP : Multiple DNS vulnerabilities (SOL6365)

This security advisory describes several potential vulnerabilities in Internet Systems Consortium's Berkeley Internet Name Daemon BIND. BIND is provided on some F5 Networks products. The potential vulnerabilities include: execution of arbitrary code, denial of service, and other unpredictable...

Linux x86/x86_64 - Read /etc/passwd Shellcode (156 bytes)

/ + Author : B3mB4m Contact : email protected Project : https://github.com/b3mb4m/Shellsploit Greetz : Bomberman,T-Rex,KnocKout,ZoRLu If you want test it, you must compile it within x86 OS. Or basically you can get it with shellsploit. Default setthings for /etc/passwd 00000000 31C0 xor eax,eax...

Code injection

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge...

Default credentials

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management AOM subsystem, which might allow remote attackers to obtain login access to AOM via an 1 expir...

CVE-2015-7759

CVE-2015-7759 affects BIG-IP 12.0.0 before HF1 across multiple modules (LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, PEM). The root cause is handling of TC P profiles with Congestion Metrics Cache enabled, which allows remote attackers to trigger a TMM restart via crafted ICMP packets rel...

CVE-2015-8611

The CVE-2015-8611 issue affects BIG-IP components (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM) on the 2000/4000/5000/7000/10000 platforms running 12.0.0 before HF1. The root cause is failure to sync passwords from the BIG-IP AOM (Always-On-Management) subsystem, which could all...

CVE-2015-7759

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service Traffic Management Microkernel TMM restart via crafted ICMP...

CVE-2015-8611

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management AOM subsystem, which might allow remote attackers to obtain login access to AOM via an 1 expir...

F5 Networks BIG-IP : Privilege escalation vulnerability (K75136237)

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge...

Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)

/--------------------------------------------------------------------------------------------------------------------- / Exploit Title: bindshell TCP Author: Scorpion Copyright: c 2016 iQube. http://iQube.io Release Date: January 1, 2016 Contact: https://www.facebook.com/sathish.royalmechanical...

SOL30518307 - Java commons-collections library vulnerability CVE-2015-4852

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVE-2015-7394

CVE-2015-7394 affects the datastor kernel module across multiple F5 BIG-IP products (Analytics, APM, ASM, Link Controller, LTM, AAM, AFM, PEM, Edge Gateway, WebAccelerator, WOM, GTM, PSM, BIG-IQ suites, Enterprise Manager) with versions listed as vulnerable. The root cause is the ability for remo...

SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2015:1844-1)

glibc was updated to fix bugs and security issues. Security issues fixed : - A buffer overflow in nssdns was fixed that could lead to crashes. CVE-2015-1781, bsc927080, BZ 18287 - A denial of service attack out of memory in the NSS files backend was fixed CVE-2014-8121, bsc918187, GLIBC BZ 18007...

Oracle: Security Advisory (ELSA-2011-0568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-4638

The CVE-2015-4638 issue affects F5 BIG-IP products using FastL4 virtual servers (across BIG-IP LTM/AAM/AFM/Analytics/APM/ASM/GTM/Link Controller/PEM, Edge Gateway, WebAccelerator, WOM, PSM). Root cause: processing of fragmented packets in the FastL4/TMM path can cause the Traffic Management Micro...

OS X x64 - tcp bind shellcode, NULL byte free 144 bytes

OS X x64 - tcp bind shellcode, NULL byte free 144 bytes. Shellcode exploit for osx platform ;OS X x64, TCP bind shellcode port 4444, NULL byte free, 144 bytes long ;ASM code ;compile: ;nasm -f macho64 bind-shellcode.asm ;ld -macosxversionmin 10.7.0 -o bindsc bind-shellcode.o BITS 64 global start...

CVE-2015-5058

CVE-2015-5058 is an ICMP packet processing memory-leak vulnerability in F5 BIG-IP components (LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, PEM) and BIG-IQ (Cloud, Device, Security 4.4.0–4.5.0; ADC 4.5.0). The root cause is a memory leak triggered by a large number of crafted ICMP pac...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3047)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3047 advisory. - x86/asm/entry/64: Remove a bogus 'retfromfork' optimization Andy Lutomirski Orabug: 21308307 CVE-2015-2830 Tenable has extracted the preceding...