CVE-2007-0188
https://notcve.org/view.php?id=CVE-2007-0188
F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
• http://secunia.com/advisories/23640
• http://www.mnin.org/advisories/2007_firepass.pdf
• http://www.osvdb.org/32734
• http://www.securityfocus.com/bid/21957
• https://tech.f5.com/home/solutions/sol6922.html
CVE-2006-3550
https://notcve.org/view.php?id=CVE-2006-3550
Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."
• http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047635.html
• http://securityreason.com/securityalert/1237
• http://securitytracker.com/id?1016431
• http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352
• http://www.securityfocus.com/archive/1/439033/100/0/threaded
• http://www.securityfocus.com/bid/18799
• http://www.vupen.com/english/advisories/2006/2678
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27547
CVE-2006-1357 – F5 Firepass 4100 SSL VPN - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1357
Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
• https://www.exploit-db.com/exploits/27452
• http://secunia.com/advisories/19337
• http://securityreason.com/securityalert/611
• http://securitytracker.com/id?1015798
• http://www.securityfocus.com/archive/1/428318/100/0/threaded
• http://www.securityfocus.com/bid/17175
• http://www.vupen.com/english/advisories/2006/1036
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25393