
CVSS: 8.8 • EPSS: 84% • CPEs: 114 • EXPL: 4

09 Jul 2012 — F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. • https://www.exploit-db.com/exploits/19064 • CWE-255: Credentials Management Errors •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Mar 2009 — The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection. • http://osvdb.org/51116 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Mar 2008 — Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues might be resultant from cross-site request forgery (CSRF) vulnerabilities. • http://securityreason.com/securityalert/3778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1 • EPSS: 11% • CPEs: 1 • EXPL: 1

15 Jan 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories. • https://www.exploit-db.com/exploits/31024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

12 Jul 2005 — Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers. • http://secunia.com/advisories/16008 •

CVSS: 7.5 • EPSS: 79% • CPEs: 296 • EXPL: 2

31 May 2005 — Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 •

CVSS: 7.5 • EPSS: 7% • CPEs: 1 • EXPL: 0

08 Nov 1999 — bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. • http://marc.info/?l=bugtraq&m=94217006208374&w=2 •