CVSS: 4.3 | EPSS: 0% | CPEs: 7 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.

Cross-site scripting (XSS) vulnerability in the authentication interface of F5 FirePass SSL VPN v5.5 through v5.5.2 and 6.0 through v6.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted password field. NOTE: some of these details were obtained from third parties.

• http://osvdb.org/55040
• http://secunia.com/advisories/35418
• http://secunia.com/advisories/35426
• http://www.securityfocus.com/archive/1/504232/100/0/threaded
• http://www.securityfocus.com/bid/35312
• http://www.securitytracker.com/id?1022387
• http://www.vupen.com/english/advisories/2009/1570
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51064
• https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106
• https://w
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 13 | EXPL: 0

my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.

• http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
• http://secunia.com/advisories/23627
• http://www.mnin.org/advisories/2007_firepass.pdf
• http://www.osvdb.org/32736
• http://www.securityfocus.com/bid/21957
• https://tech.f5.com/home/solutions/sol6923.html

CVSS: 7.5 | EPSS: 1% | CPEs: 14 | EXPL: 0

F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.

• http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0141.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
• http://osvdb.org/39167
• http://secunia.com/advisories/23626
• http://secunia.com/advisories/23640
• http://www.mnin.org/advisories/2007_firepass.pdf
• http://www.securityfocus.com/bid/21957
• https://tech.f5.com/home/solutions/sol6916.html
• https://tech.f5.com/home/solutions/sol6924.html

CVSS: 6.5 | EPSS: 0% | CPEs: 14 | EXPL: 0

F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.

• http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
• http://secunia.com/advisories/23640
• http://www.mnin.org/advisories/2007_firepass.pdf
• http://www.osvdb.org/32734
• http://www.securityfocus.com/bid/21957
• https://tech.f5.com/home/solutions/sol6922.html

CVSS: 5.1 | EPSS: 1% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

• http://secunia.com/advisories/22444
• http://securityreason.com/securityalert/1752
• http://securitytracker.com/id?1017076
• http://www.procheckup.com/Vulner_PR0603b.php
• http://www.securityfocus.com/archive/1/448935/100/0/threaded
• http://www.securityfocus.com/bid/20583
• http://www.vupen.com/english/advisories/2006/4083
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29631