Produkt Firepass 4100 (...) - CVEMAP.ORG

Podatności dla 'Firepass 4100'

2008-04-30

CVE-2008-2030

CWE-79

Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

2008-03-05

CVE-2007-6704

CWE-79

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.

2007-11-14

CVE-2007-5979

CWE-79

Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.

2007-06-06

CVE-2007-3097

CWE-Other

my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter.

2007-01-12

CVE-2007-0186

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.

2006-07-12

CVE-2006-3550

CWE-Other

Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."

2006-03-21

CVE-2006-1357

CWE-Other

Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

>>> Vendor: F5 76 Produkty

Icontrol service manager

Firepass 4100

Firepass ssl vpn

Big-ip application security manager

Big-ip protocol security manager

Big-ip local traffic manager

Big-ip global traffic manager

Enterprise manager

Application security manager appliance

Big-ip access policy manager

Big-ip edge gateway

Big-ip link controller

Big-ip protocol security module

Big-ip wan optimization manager

Big-ip webaccelerator

Big-ip configuration utility

Big-ip analytics

Big-ip advanced firewall manager

Big-ip application acceleration manager

Big-ip policy enforcement manager

Arx data manager

Big-iq security

Big-ip policy enforcement manager11.5.1

Big-ip enterprise manager

Big-ip domain name system

Big-ip global traffic manager11.2.0

Big-iq application delivery controller

Big-iq centralized management

Big-iq cloud and orchestration

Ssl intercept iapp

Ssl orchestrator

Big-ip fraud protection service

Traffix systems signaling delivery controller

Big-ip access policy manager client

Traffix signaling delivery controller

Big-ip webaccelerator12.1.1

Websafe alert server

Container ingress service

Big-ip controller

Nginx controller

Big-ip advanced web application firewall

Big-ip ddos hybrid defender

Big-ip ssl orchestrator

Big-ip carrier-grade nat

Access policy manager clients

Nginx modsecurity waf

Nginx controller api management

Access for android

Nginx service mesh

Big-ip guided configuration

Copyright 2024, cxsecurity.com