Vulnerabilities > F5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-12 | CVE-2007-0188 | Input Validation vulnerability in F5 Firepass F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. | 6.5 |
2007-01-12 | CVE-2007-0187 | Input Validation vulnerability in F5 Firepass F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name. | 7.5 |
2007-01-12 | CVE-2007-0186 | Input Validation vulnerability in F5 Firepass 4100 Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. network f5 | 6.8 |
2006-10-20 | CVE-2006-5416 | Cross-Site Scripting vulnerability in F5 Firepass 1000 5.5 Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | 5.1 |
2006-07-13 | CVE-2006-3550 | Cross-Site Scripting vulnerability in F5 Firepass 4100 5.4.2 Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends." | 2.6 |
2006-03-22 | CVE-2006-1357 | Cross-Site Scripting vulnerability in F5 Firepass 4100 5.4.2 Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. network f5 | 4.3 |
2005-07-12 | CVE-2005-2245 | SSL Authentication Bypass vulnerability in F5 BIG-IP Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers. | 7.5 |
2005-05-31 | CVE-2005-0356 | Remote Denial Of Service vulnerability in Multiple Vendor TCP Timestamp PAWS Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | 5.0 |
2004-12-21 | CVE-2004-1307 | Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. | 7.5 |
1999-11-08 | CVE-1999-1550 | Unspecified vulnerability in F5 Tmos 2.0 bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. | 5.0 |