CVSS: 6.1EPSS: 2%CPEs: 14EXPL: 1CVE-2007-5979 – F5 FirePass 4100 SSL VPN - 'Download_Plugin.php3' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5979
15 Nov 2007 — Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en download_plugin.php3 en F5 Firepass 4100 SSL VPN 5.4 hasta la 5.5.2 y 6.0 hasta la 6.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro backurl. • https://www.exploit-db.com/exploits/30755 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2007-0195
https://notcve.org/view.php?id=CVE-2007-0195
11 Jan 2007 — my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account. my.activation.php3 en F5 FirePass 5.4 hasta 5.5.1 y 6.0 muestra distintos mensajes de error para intentos de autenticación fallidos con nombre de usuario válido para aquellos con un nombre de usuario inválido, lo cual permite a atacantes remotos confirmar... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2007-0187
https://notcve.org/view.php?id=CVE-2007-0187
11 Jan 2007 — F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name. F5 FirePass 5.4 hasta 5.5.2 y 6.0 permite a atacantes remotos acceder a URL's restringidas mediante (1) en un byte nulo al final, (2) múltiples barras iniciales, (3) codificación Unicode , (4) curte de directorios URL-encoded ó ca... • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html •
CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 0CVE-2007-0188
https://notcve.org/view.php?id=CVE-2007-0188
11 Jan 2007 — F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. F5 FirePass 5.4 hasta 5.5.1 no implementa apropiadamente restricciones de acceso al servidor cuando un cliente utiliza un entero simple (dword) para la representación de una dirección IP ("Dirección IP sin... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html •