
CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 0

06 Jun 2007 — my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. • http://secunia.com/advisories/25563

CVSS: 6.8 | EPSS: 4% | CPEs: 1 | EXPL: 0

11 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.p... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html

CVSS: 5.3 | EPSS: 0% | CPEs: 13 | EXPL: 0

11 Jan 2007 — my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html

CVSS: 7.5 | EPSS: 1% | CPEs: 14 | EXPL: 0

11 Jan 2007 — F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html

CVSS: 8.1 | EPSS: 0% | CPEs: 14 | EXPL: 0

11 Jan 2007 — F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Oct 2006 — Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter. • http://secunia.com/advisories/22444

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

13 Jul 2006 — Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends." • http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047635.html

CVSS: 6.1 | EPSS: 6% | CPEs: 1 | EXPL: 2

22 Mar 2006 — Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. • https://www.exploit-db.com/exploits/27452

CVSS: 9.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

12 Jul 2005 — Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers. • http://secunia.com/advisories/16008

CVSS: 7.5 | EPSS: 86% | CPEs: 296 | EXPL: 2

31 May 2005 — Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008