Page 2 of 10 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. Una vulnerabilidad de inyección SQL en my.activation.php3 en F5 FirePass v6.0.0 a 6.1.0 y v7.0.0 permite a atacantes remotos ejecutar comandos SQL a través del parámetro state. F5 FirePass SSL VPN versions 6.0.0 through 6.1.0 and 7.0.0 suffers from a remote SQL injection vulnerability that allows for remote root access. • http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html http://seclists.org/fulldisclosure/2012/Mar/324 http://secunia.com/advisories/48455 http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html http://www.securitytracker.com/id?1026834 https://exchange.xforce.ibmcloud.com/vulnerabilities/74198 https://exchange.xforce.ibmcloud.com/vulnerabilities/74450 https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_ro • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.1EPSS: 1%CPEs: 26EXPL: 0

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. Las implementaciones de (1) IPv4 y (2) IPv6 en el kernel de Linux antes de v3.1 utiliza una versión modificada de algoritmo MD4 para generar números de secuencia y valores de los fragmentos de identificación, lo que hace que sea más fácil para los atacantes remotos causar una denegación de servicio (red interrumpida) o secuestrar sesiones de red mediante la predicción de estos valores y el envío de paquetes manipulados. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bc0b96b54a21246e377122d54569eef71cec535f http://marc.info/?l=bugtraq&m=139447903326211&w=2 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 http://www.openwall.com/lists/oss-security/2011/08/23/2 https://bugzilla.redhat.com/show_bug.cgi?id=732658 https://github.com/torval •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter. Vulnerabilidad de ejecución de secuencias de comandos cruzados(XSS) en el interface de autenticación de F5 FirePass SSL VPN v5.5 hasta v5.5.2 y 6.0 hasta v6.0.3 , permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un campo password manipulado. NOTA: algunos de estos detalles se han obtenido de terceros. • http://osvdb.org/55040 http://secunia.com/advisories/35418 http://secunia.com/advisories/35426 http://www.securityfocus.com/archive/1/504232/100/0/threaded http://www.securityfocus.com/bid/35312 http://www.securitytracker.com/id?1022387 http://www.vupen.com/english/advisories/2009/1570 https://exchange.xforce.ibmcloud.com/vulnerabilities/51064 https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106 https://w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0

The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB. El demonio SNMP en F5 FirePass 1200 6.0.2 Hotfix 3 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante la consulta de la rama hrSWInstalled OID en HOST-RESOURCES-MIB. • http://secunia.com/advisories/30965 http://securityreason.com/securityalert/3985 http://www.securityfocus.com/archive/1/493950/100/0/threaded http://www.securityfocus.com/bid/30090 https://exchange.xforce.ibmcloud.com/vulnerabilities/43670 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en F5 FirePass SSL VPN versiones 6.0.2 hotfix 3, y posiblemente versiones anteriores, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de comillas en (1) el parámetro css_exceptions en el archivo vdesk/admincon/webyfiers.php y (2) el parámetro sql_matchscope en el archivo vdesk/admincon/index.php. • https://www.exploit-db.com/exploits/31886 https://www.exploit-db.com/exploits/31885 http://secunia.com/advisories/30550 http://securityreason.com/securityalert/3931 http://www.securityfocus.com/archive/1/493149/100/0/threaded http://www.securityfocus.com/bid/29574 http://www.securitytracker.com/id?1020205 http://www.vupen.com/english/advisories/2008/1765/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •