Vulnerabilities > F5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-07-11 | CVE-2008-3149 | Path Traversal vulnerability in F5 Firepass 1200 6.0.2 The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB. | 7.8 |
2008-06-10 | CVE-2008-2637 | Cross-Site Scripting vulnerability in F5 Firepass SSL VPN 6.0.2 Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php. | 4.3 |
2008-04-30 | CVE-2008-2030 | Cross-Site Scripting vulnerability in F5 Firepass 4100 and Firepass SSL VPN Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2008-03-25 | CVE-2008-1503 | Cross-Site Scripting vulnerability in F5 Tmos 9.4.3 Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues might be resultant from cross-site request forgery (CSRF) vulnerabilities. | 4.3 |
2008-03-05 | CVE-2007-6704 | Cross-Site Scripting vulnerability in F5 Firepass 4100 Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3. | 2.6 |
2008-02-19 | CVE-2007-6258 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. | 7.5 |
2008-01-15 | CVE-2008-0265 | Cross-Site Scripting vulnerability in F5 Tmos 9.4.3 Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories. | 4.3 |
2007-11-15 | CVE-2007-5979 | Cross-Site Scripting vulnerability in F5 Firepass 4100 Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. | 4.3 |
2007-06-06 | CVE-2007-3097 | Remote Command Injection vulnerability in F5 FirePass 4100 SSL VPN My.Activiation.PHP3 my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. | 7.5 |
2007-01-12 | CVE-2007-0195 | Input Validation vulnerability in F5 Firepass my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account. | 5.0 |