14 matches found
CVE-2026-34176
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...
EUVD-2026-30003
A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2025-59481
A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security...
CVE-2025-59481 BIG-IP iControl REST and tmsh vulnerability
A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security...
EUVD-2004-0870
Malware in sbrugna...
PT-2024-25377 · F5 · Big-Ip Next Central Manager
Name of the Vulnerable Software and Affected Versions: BIG-IP Next Central Manager affected versions not specified Description: An improper certificate validation issue exists, potentially allowing an attacker to impersonate an Instance Provider system and cross a security boundary...
CVE-2022-41800
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note:...
CVE-2004-0871
Mozilla does not prevent cookies that are sent over an insecure channel HTTP from also being sent over a secure channel HTTPS/SSL in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...
CVE-2004-0871
CVE-2004-0871 refers to a cross security boundary cookie injection issue in which cookies set over HTTP can be presented to HTTPS in the same domain (the cookie domain attribute can enable leakage across secure boundaries). The connected documentation attributes this to multiple browsers (Interne...
CVE-2004-0869
Internet Explorer does not prevent cookies that are sent over an insecure channel HTTP from also being sent over a secure channel HTTPS/SSL in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...
CVE-2004-0872
Opera does not prevent cookies that are sent over an insecure channel HTTP from also being sent over a secure channel HTTPS/SSL in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...
CVE-2004-0872
CVE-2004-0872 affects Opera and describes a cookie handling flaw where cookies sent over an insecure channel (HTTP) can also be presented on a secure channel (HTTPS/SSL) within the same domain. This enables potential cookie leakage and unauthorized session usage (Cross Security Boundary Cookie In...
CVE-2004-0870
KDE Konqueror does not prevent cookies that are sent over an insecure channel HTTP from also being sent over a secure channel HTTPS/SSL in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...
CVE-2004-0871
Mozilla does not prevent cookies that are sent over an insecure channel HTTP from also being sent over a secure channel HTTPS/SSL in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...