Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to 1 my.activation.php3 and 2 my.logon.php3...

F5 Firepass SSL VPN unfiltered shell characters security vulnerabilities

Shell characters problem via username parameter of my.activation.php3 script...

CVE-2007-0195

my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account...

CVE-2007-0195

my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account...

CVE-2007-0195

CVE-2007-0195 affects F5 FirePass 5.4–5.5.1 and 6.0. The issue is that authentication error messages differ between valid and invalid usernames, enabling remote attackers to confirm the existence of LDAP accounts. The connected documents confirm the affected product/versions and the exploitation ...