21 matches found
K13993: Cross-site URL redirection attack vulnerability CVE-2009-4017
Security Advisory Description F5 FirePass SSL VPN contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate the refreshURL parameter upon submission to the my.activation.cns.php3 script. As a result, a user could create a URL...
K14046: FirePass input validation vulnerability
Security Advisory Description F5 FirePass SSL VPN contains an input validation vulnerability that may allow a remote attacker to compromise the FirePass controller. Impact An attacker may be able to exploit the vulnerability and retrieve arbitrary files, perform Denial of Service attacks, or...
FirePass SSL VPN Unauthenticated Local File Inclusion
No description provided by source...
SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion
SEC Consult Vulnerability Lab Security Advisory 20121203-0 ======================================================================= title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: = 7.0.0 HF-70-6 fixed version: 7.0.0 HF-70-7 impact: Critical homepage:...
F5 FirePass SSL VPN 7.0.0 HF-70-6 Local File Inclusion
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: = 7.0.0 HF-70-6 fixed version: 7.0.0 HF-70-7 impact: Critical homepage:...
FirePass SSL VPN - Local File Inclusion
FirePass SSL VPN - Local File Inclusion SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: = 7.0.0 HF-70-6 fixed version: 7.0.0 HF-70-7...
FirePass SSL VPN Unauthenticated Local File Inclusion Vulnerability
Exploit for multiple platform in category web applications ======================================================================= title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: = 7.0.0 HF-70-6 fixed version: 7.0.0 HF-70-7 impact: Critical homepage:...
FirePass SSL VPN - Local File Inclusion
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: = 7.0.0 HF-70-6 fixed version: 7.0.0 HF-70-7 impact: Critical homepage:...
FirePass 7.0 SSL VPN - refreshURL Open Redirection
FirePass 7.0 SSL VPN - refreshURL Open Redirection source: https://www.securityfocus.com/bid/56156/info FirePass SSL VPN is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other...
F5 FirePass SSL VPN Open URL Redirection
OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides secure remote access to enterprise applications and data for users over any device or network while protecting your corporate. See http://www.f5.com/pdf/products/firepass-overview.pdf...
FirePass 7.0 SSL VPN - 'refreshURL' Open Redirection
source: https://www.securityfocus.com/bid/56156/info FirePass SSL VPN is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are possible. Versions prior to FirePass 7.0.0...
CVE-2008-2637
Multiple cross-site scripting XSS vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in 1 the cssexceptions parameter in vdesk/admincon/webyfiers.php and 2 the sqlmatchscope parameter in...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in 1 the cssexceptions parameter in vdesk/admincon/webyfiers.php and 2 the sqlmatchscope parameter in...
CVE-2008-2637
Multiple cross-site scripting XSS vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in 1 the cssexceptions parameter in vdesk/admincon/webyfiers.php and 2 the sqlmatchscope parameter in...
F5 FirePass 6.0.2.3 - vdeskadminconindex.php?sql_matchscope Cross-Site Scripting
F5 FirePass 6.0.2.3 - vdeskadminconindex.php?sqlmatchscope Cross-Site Scripting source: https://www.securityfocus.com/bid/29574/info F5 FirePass SSL VPN is prone to multiple cross-site request-forgery vulnerabilities because it fails to adequately sanitize user-supplied input. Exploiting these...
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php?css_exceptions' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29574/info F5 FirePass SSL VPN is prone to multiple cross-site request-forgery vulnerabilities because it fails to adequately sanitize user-supplied input. Exploiting these issues may allow a remote attacker to execute arbitrary actions in the context of...
CVE-2007-6704
Multiple cross-site scripting XSS vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to 1 my.activation.php3 and 2 my.logon.php3...
F5 Networks FirePass 4100 SSL VPN - 'My.Logon.php3' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26659/info F5 Networks FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
F5 Firepass SSL VPN unfiltered shell characters security vulnerabilities
Shell characters problem via username parameter of my.activation.php3 script...
CVE-2007-0186
Multiple cross-site scripting XSS vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via 1 the xcho parameter to my.logon.php3; the 2 topblue, 3 midblue, 4 wtopblue, and certain other Custom color parameters in a per action to...