CVE-2025-54755

A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

PT-2025-42329

Name of the Vulnerable Software and Affected Versions TMUI affected versions not specified Description A directory traversal issue exists in TMUI that permits an authenticated attacker to access files beyond those intended. The vulnerability allows access to files that are not limited to the...

EUVD-2020-27099

Malware in sbrugna...

EUVD-2019-16157

Malware in sbrugna...

EUVD-2020-27069

Malware in sbrugna...

EUVD-2018-7192

Malware in sbrugna...

EUVD-2018-7191

Malware in sbrugna...

EUVD-2019-16184

Malware in sbrugna...

EUVD-2019-16198

Malware in sbrugna...

EUVD-2022-36983

Malicious code in bioql PyPI...

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

CVE-2020-5902 BIG-IP RCE Update Use /hsqldb%0a/ Bypass Rules For Java Deserialization or /hsqld%b /hsqldb; /tmui/login.jsp/..;/hsqldb Redirect 404 / bypass /hsqldb; Redirect 404 / bypass /hsqldb%0a include 'FileETag MTime Size Redirect 404 / Redirect 404 / ' fix:...

CVE-2019-6639

On BIG-IP AFM, PEM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not...

F5 BIG-IP TMUI AJP Smuggling Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution Exploit

This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface TMUI to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell TMSH. The escape may not be reliable, and yo...

F5 BIG-IP TMUI AJP Smuggling Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...

Metasploit Weekly Wrap-Up

PTT for DCSync This week, community member smashery made an improvement to the windowssecretsdump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run...

F5 BIG-IP TMUI AJP Smuggling RCE

This module exploits a flaw in F5's BIG-IP Traffic Management User Interface TMUI that enables an external, unauthenticated attacker to create an administrative user. Once the user is created, the module uses the new account to execute a command payload. Both the exploit and check methods...

F5 BIG-IP TMUI Directory Traversal and File Upload RCE

This module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface TMUI to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell TMSH. The escape may not be reliable, and you may have ...

F5 Networks BIG-IP : BIG-IP TMUI XSS vulnerability (K61643620)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.2 / 15.1.3.1 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K61643620 advisory. - On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2...

F5 Networks BIG-IP : BIG-IP TMUI vulnerability (K42526507)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.2 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K42526507 advisory. - On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before...