Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for firepass_4100 by f5

    CVE-2008-2030 (GCVE-0-2008-2030)

    Vulnerability from nvd – Published: 2008-04-30 15:00 – Updated: 2024-08-07 08:49
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://downloads.securityfocus.com/vulnerabilitie… x_refsource_MISC
    http://www.securityfocus.com/bid/28902 vdb-entryx_refsource_BID
    http://secunia.com/advisories/29931 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2008-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:49:56.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
              },
              {
                "name": "28902",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28902"
              },
              {
                "name": "29931",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29931"
              },
              {
                "name": "firepass-installcontrol-xss(42078)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
            },
            {
              "name": "28902",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28902"
            },
            {
              "name": "29931",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29931"
            },
            {
              "name": "firepass-installcontrol-xss(42078)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2030",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html",
                  "refsource": "MISC",
                  "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
                },
                {
                  "name": "28902",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28902"
                },
                {
                  "name": "29931",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29931"
                },
                {
                  "name": "firepass-installcontrol-xss(42078)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2030",
        "datePublished": "2008-04-30T15:00:00.000Z",
        "dateReserved": "2008-04-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:49:56.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6704 (GCVE-0-2007-6704)

    Vulnerability from nvd – Published: 2008-03-05 23:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3712",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3712"
              },
              {
                "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
              },
              {
                "name": "27904",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27904"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
              },
              {
                "name": "38981",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/38981"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
              },
              {
                "name": "firepass-myactivation-xss(38785)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
              },
              {
                "name": "26659",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26659"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
              },
              {
                "name": "firepass-mylogonphp3-xss(38795)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
              },
              {
                "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
              },
              {
                "name": "38980",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/38980"
              },
              {
                "name": "1019031",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019031"
              },
              {
                "name": "26661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26661"
              },
              {
                "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3712",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3712"
            },
            {
              "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
            },
            {
              "name": "27904",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27904"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
            },
            {
              "name": "38981",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/38981"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
            },
            {
              "name": "firepass-myactivation-xss(38785)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
            },
            {
              "name": "26659",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26659"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
            },
            {
              "name": "firepass-mylogonphp3-xss(38795)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
            },
            {
              "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
            },
            {
              "name": "38980",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/38980"
            },
            {
              "name": "1019031",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019031"
            },
            {
              "name": "26661",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26661"
            },
            {
              "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3712",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3712"
                },
                {
                  "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
                },
                {
                  "name": "27904",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27904"
                },
                {
                  "name": "http://www.procheckup.com/Vulnerability_PR07-14.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
                },
                {
                  "name": "38981",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/38981"
                },
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
                },
                {
                  "name": "firepass-myactivation-xss(38785)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
                },
                {
                  "name": "26659",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26659"
                },
                {
                  "name": "http://www.procheckup.com/Vulnerability_PR07-15a.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
                },
                {
                  "name": "firepass-mylogonphp3-xss(38795)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
                },
                {
                  "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
                },
                {
                  "name": "38980",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/38980"
                },
                {
                  "name": "1019031",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019031"
                },
                {
                  "name": "26661",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26661"
                },
                {
                  "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6704",
        "datePublished": "2008-03-05T23:00:00.000Z",
        "dateReserved": "2008-03-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5979 (GCVE-0-2007-5979)

    Vulnerability from nvd – Published: 2007-11-15 00:00 – Updated: 2024-08-07 15:47
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/483601/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1018937 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/3364 third-party-advisoryx_refsource_SREASON
    http://osvdb.org/38665 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/26412 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://www.procheckup.com/Vulnerability_PR07-13.php x_refsource_MISC
    http://www.vupen.com/english/advisories/2007/3847 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/27647 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-11-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:47:00.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20071112 PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN \u0027download_plugin.php3\u0027 server-side script",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/483601/100/0/threaded"
              },
              {
                "name": "1018937",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018937"
              },
              {
                "name": "3364",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3364"
              },
              {
                "name": "38665",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38665"
              },
              {
                "name": "26412",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26412"
              },
              {
                "name": "firepass-downloadplugin-xss(38439)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38439"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulnerability_PR07-13.php"
              },
              {
                "name": "ADV-2007-3847",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3847"
              },
              {
                "name": "27647",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27647"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20071112 PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN \u0027download_plugin.php3\u0027 server-side script",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/483601/100/0/threaded"
            },
            {
              "name": "1018937",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018937"
            },
            {
              "name": "3364",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3364"
            },
            {
              "name": "38665",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38665"
            },
            {
              "name": "26412",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26412"
            },
            {
              "name": "firepass-downloadplugin-xss(38439)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38439"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulnerability_PR07-13.php"
            },
            {
              "name": "ADV-2007-3847",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3847"
            },
            {
              "name": "27647",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27647"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5979",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20071112 PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN \u0027download_plugin.php3\u0027 server-side script",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/483601/100/0/threaded"
                },
                {
                  "name": "1018937",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018937"
                },
                {
                  "name": "3364",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3364"
                },
                {
                  "name": "38665",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38665"
                },
                {
                  "name": "26412",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26412"
                },
                {
                  "name": "firepass-downloadplugin-xss(38439)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38439"
                },
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html"
                },
                {
                  "name": "http://www.procheckup.com/Vulnerability_PR07-13.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulnerability_PR07-13.php"
                },
                {
                  "name": "ADV-2007-3847",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3847"
                },
                {
                  "name": "27647",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27647"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5979",
        "datePublished": "2007-11-15T00:00:00.000Z",
        "dateReserved": "2007-11-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:47:00.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3097 (GCVE-0-2007-3097)

    Vulnerability from nvd – Published: 2007-06-06 22:00 – Updated: 2024-08-07 14:05
    VLAI
    Summary
    my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1018190 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/25563 third-party-advisoryx_refsource_SECUNIA
    http://www.s21sec.com/avisos/s21sec-035-en.txt x_refsource_MISC
    http://www.securityfocus.com/archive/1/470444/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/2073 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/24306 vdb-entryx_refsource_BID
    http://www.osvdb.org/35246 vdb-entryx_refsource_OSVDB
    Date Public
    2007-06-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:05:29.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1018190",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018190"
              },
              {
                "name": "25563",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25563"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.s21sec.com/avisos/s21sec-035-en.txt"
              },
              {
                "name": "20070604 S21Sec-035: F5 FirePass command execution vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/470444/100/0/threaded"
              },
              {
                "name": "firepass-myactivation-command-execution(34708)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34708"
              },
              {
                "name": "ADV-2007-2073",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2073"
              },
              {
                "name": "24306",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24306"
              },
              {
                "name": "35246",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35246"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1018190",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018190"
            },
            {
              "name": "25563",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25563"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.s21sec.com/avisos/s21sec-035-en.txt"
            },
            {
              "name": "20070604 S21Sec-035: F5 FirePass command execution vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/470444/100/0/threaded"
            },
            {
              "name": "firepass-myactivation-command-execution(34708)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34708"
            },
            {
              "name": "ADV-2007-2073",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2073"
            },
            {
              "name": "24306",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24306"
            },
            {
              "name": "35246",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35246"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3097",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1018190",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018190"
                },
                {
                  "name": "25563",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25563"
                },
                {
                  "name": "http://www.s21sec.com/avisos/s21sec-035-en.txt",
                  "refsource": "MISC",
                  "url": "http://www.s21sec.com/avisos/s21sec-035-en.txt"
                },
                {
                  "name": "20070604 S21Sec-035: F5 FirePass command execution vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/470444/100/0/threaded"
                },
                {
                  "name": "firepass-myactivation-command-execution(34708)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34708"
                },
                {
                  "name": "ADV-2007-2073",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2073"
                },
                {
                  "name": "24306",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24306"
                },
                {
                  "name": "35246",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35246"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3097",
        "datePublished": "2007-06-06T22:00:00.000Z",
        "dateReserved": "2007-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:05:29.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0186 (GCVE-0-2007-0186)

    Vulnerability from nvd – Published: 2007-01-11 02:00 – Updated: 2024-08-07 12:12
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mnin.org/advisories/2007_firepass.pdf x_refsource_MISC
    http://secunia.com/advisories/23627 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/32738 vdb-entryx_refsource_OSVDB
    https://tech.f5.com/home/solutions/sol6920.html x_refsource_CONFIRM
    https://tech.f5.com/home/solutions/sol6919.html x_refsource_CONFIRM
    http://www.osvdb.org/32739 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/23643 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/32737 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/32743 vdb-entryx_refsource_OSVDB
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/32740 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/32741 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/32742 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/21957 vdb-entryx_refsource_BID
    Date Public
    2007-01-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:12:17.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.mnin.org/advisories/2007_firepass.pdf"
              },
              {
                "name": "23627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23627"
              },
              {
                "name": "32738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32738"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tech.f5.com/home/solutions/sol6920.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tech.f5.com/home/solutions/sol6919.html"
              },
              {
                "name": "32739",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32739"
              },
              {
                "name": "23643",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23643"
              },
              {
                "name": "32737",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32737"
              },
              {
                "name": "32743",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32743"
              },
              {
                "name": "20070106 NNL-Labs \u0026 MNIN - F5 FirePass Security Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"
              },
              {
                "name": "32740",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32740"
              },
              {
                "name": "32741",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32741"
              },
              {
                "name": "32742",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32742"
              },
              {
                "name": "21957",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21957"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an \u003cFP_DO_NOT_TOUCH\u003e element; and (13) the vhost parameter to my.activation.php.  NOTE: it is possible that this candidate overlaps CVE-2006-3550."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-01-17T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.mnin.org/advisories/2007_firepass.pdf"
            },
            {
              "name": "23627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23627"
            },
            {
              "name": "32738",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32738"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tech.f5.com/home/solutions/sol6920.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tech.f5.com/home/solutions/sol6919.html"
            },
            {
              "name": "32739",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32739"
            },
            {
              "name": "23643",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23643"
            },
            {
              "name": "32737",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32737"
            },
            {
              "name": "32743",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32743"
            },
            {
              "name": "20070106 NNL-Labs \u0026 MNIN - F5 FirePass Security Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"
            },
            {
              "name": "32740",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32740"
            },
            {
              "name": "32741",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32741"
            },
            {
              "name": "32742",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32742"
            },
            {
              "name": "21957",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21957"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an \u003cFP_DO_NOT_TOUCH\u003e element; and (13) the vhost parameter to my.activation.php.  NOTE: it is possible that this candidate overlaps CVE-2006-3550."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.mnin.org/advisories/2007_firepass.pdf",
                  "refsource": "MISC",
                  "url": "http://www.mnin.org/advisories/2007_firepass.pdf"
                },
                {
                  "name": "23627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23627"
                },
                {
                  "name": "32738",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32738"
                },
                {
                  "name": "https://tech.f5.com/home/solutions/sol6920.html",
                  "refsource": "CONFIRM",
                  "url": "https://tech.f5.com/home/solutions/sol6920.html"
                },
                {
                  "name": "https://tech.f5.com/home/solutions/sol6919.html",
                  "refsource": "CONFIRM",
                  "url": "https://tech.f5.com/home/solutions/sol6919.html"
                },
                {
                  "name": "32739",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32739"
                },
                {
                  "name": "23643",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23643"
                },
                {
                  "name": "32737",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32737"
                },
                {
                  "name": "32743",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32743"
                },
                {
                  "name": "20070106 NNL-Labs \u0026 MNIN - F5 FirePass Security Advisory",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"
                },
                {
                  "name": "32740",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32740"
                },
                {
                  "name": "32741",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32741"
                },
                {
                  "name": "32742",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32742"
                },
                {
                  "name": "21957",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21957"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0186",
        "datePublished": "2007-01-11T02:00:00.000Z",
        "dateReserved": "2007-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:12:17.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3550 (GCVE-0-2006-3550)

    Vulnerability from nvd – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-07-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:34.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352"
              },
              {
                "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/439033/100/0/threaded"
              },
              {
                "name": "1016431",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016431"
              },
              {
                "name": "1237",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1237"
              },
              {
                "name": "18799",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18799"
              },
              {
                "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047635.html"
              },
              {
                "name": "firepass-multiple-xss(27547)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27547"
              },
              {
                "name": "ADV-2006-2678",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2678"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified \"writable form fields and hidden fields,\" including \"authentication frontends.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352"
            },
            {
              "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/439033/100/0/threaded"
            },
            {
              "name": "1016431",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016431"
            },
            {
              "name": "1237",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1237"
            },
            {
              "name": "18799",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18799"
            },
            {
              "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047635.html"
            },
            {
              "name": "firepass-multiple-xss(27547)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27547"
            },
            {
              "name": "ADV-2006-2678",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2678"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3550",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified \"writable form fields and hidden fields,\" including \"authentication frontends.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352",
                  "refsource": "MISC",
                  "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352"
                },
                {
                  "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/439033/100/0/threaded"
                },
                {
                  "name": "1016431",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016431"
                },
                {
                  "name": "1237",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1237"
                },
                {
                  "name": "18799",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18799"
                },
                {
                  "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047635.html"
                },
                {
                  "name": "firepass-multiple-xss(27547)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27547"
                },
                {
                  "name": "ADV-2006-2678",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2678"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3550",
        "datePublished": "2006-07-13T00:00:00.000Z",
        "dateReserved": "2006-07-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:34.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1357 (GCVE-0-2006-1357)

    Vulnerability from nvd – Published: 2006-03-22 02:00 – Updated: 2024-08-07 17:12
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/19337 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/17175 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/428318/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/611 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/1036 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1015798 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:12:20.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19337",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19337"
              },
              {
                "name": "17175",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17175"
              },
              {
                "name": "20060321 XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/428318/100/0/threaded"
              },
              {
                "name": "611",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/611"
              },
              {
                "name": "firepass-mysupport-xss(25393)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25393"
              },
              {
                "name": "ADV-2006-1036",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1036"
              },
              {
                "name": "1015798",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015798"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19337",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19337"
            },
            {
              "name": "17175",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17175"
            },
            {
              "name": "20060321 XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/428318/100/0/threaded"
            },
            {
              "name": "611",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/611"
            },
            {
              "name": "firepass-mysupport-xss(25393)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25393"
            },
            {
              "name": "ADV-2006-1036",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1036"
            },
            {
              "name": "1015798",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015798"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1357",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19337",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19337"
                },
                {
                  "name": "17175",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17175"
                },
                {
                  "name": "20060321 XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/428318/100/0/threaded"
                },
                {
                  "name": "611",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/611"
                },
                {
                  "name": "firepass-mysupport-xss(25393)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25393"
                },
                {
                  "name": "ADV-2006-1036",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1036"
                },
                {
                  "name": "1015798",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015798"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1357",
        "datePublished": "2006-03-22T02:00:00.000Z",
        "dateReserved": "2006-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:12:20.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2030 (GCVE-0-2008-2030)

    Vulnerability from cvelistv5 – Published: 2008-04-30 15:00 – Updated: 2024-08-07 08:49
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://downloads.securityfocus.com/vulnerabilitie… x_refsource_MISC
    http://www.securityfocus.com/bid/28902 vdb-entryx_refsource_BID
    http://secunia.com/advisories/29931 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2008-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:49:56.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
              },
              {
                "name": "28902",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28902"
              },
              {
                "name": "29931",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29931"
              },
              {
                "name": "firepass-installcontrol-xss(42078)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
            },
            {
              "name": "28902",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28902"
            },
            {
              "name": "29931",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29931"
            },
            {
              "name": "firepass-installcontrol-xss(42078)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2030",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html",
                  "refsource": "MISC",
                  "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
                },
                {
                  "name": "28902",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28902"
                },
                {
                  "name": "29931",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29931"
                },
                {
                  "name": "firepass-installcontrol-xss(42078)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2030",
        "datePublished": "2008-04-30T15:00:00.000Z",
        "dateReserved": "2008-04-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:49:56.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6704 (GCVE-0-2007-6704)

    Vulnerability from cvelistv5 – Published: 2008-03-05 23:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-11-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3712",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3712"
              },
              {
                "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
              },
              {
                "name": "27904",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27904"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
              },
              {
                "name": "38981",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/38981"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
              },
              {
                "name": "firepass-myactivation-xss(38785)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
              },
              {
                "name": "26659",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26659"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
              },
              {
                "name": "firepass-mylogonphp3-xss(38795)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
              },
              {
                "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
              },
              {
                "name": "38980",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/38980"
              },
              {
                "name": "1019031",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019031"
              },
              {
                "name": "26661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26661"
              },
              {
                "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3712",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3712"
            },
            {
              "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
            },
            {
              "name": "27904",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27904"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
            },
            {
              "name": "38981",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/38981"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
            },
            {
              "name": "firepass-myactivation-xss(38785)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
            },
            {
              "name": "26659",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26659"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
            },
            {
              "name": "firepass-mylogonphp3-xss(38795)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
            },
            {
              "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
            },
            {
              "name": "38980",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/38980"
            },
            {
              "name": "1019031",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019031"
            },
            {
              "name": "26661",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26661"
            },
            {
              "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3712",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3712"
                },
                {
                  "name": "20080523 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/492511/100/0/threaded"
                },
                {
                  "name": "27904",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27904"
                },
                {
                  "name": "http://www.procheckup.com/Vulnerability_PR07-14.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulnerability_PR07-14.php"
                },
                {
                  "name": "38981",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/38981"
                },
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/7000/900/SOL7923.html"
                },
                {
                  "name": "firepass-myactivation-xss(38785)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38785"
                },
                {
                  "name": "26659",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26659"
                },
                {
                  "name": "http://www.procheckup.com/Vulnerability_PR07-15a.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulnerability_PR07-15a.php"
                },
                {
                  "name": "firepass-mylogonphp3-xss(38795)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38795"
                },
                {
                  "name": "20071130 PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.activation.php3\u0027 server-side script",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/484411/100/0/threaded"
                },
                {
                  "name": "38980",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/38980"
                },
                {
                  "name": "1019031",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019031"
                },
                {
                  "name": "26661",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26661"
                },
                {
                  "name": "20071130 PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN \u0027my.logon.php3\u0027 server-side script",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/484413/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6704",
        "datePublished": "2008-03-05T23:00:00.000Z",
        "dateReserved": "2008-03-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5979 (GCVE-0-2007-5979)

    Vulnerability from cvelistv5 – Published: 2007-11-15 00:00 – Updated: 2024-08-07 15:47
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/483601/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1018937 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/3364 third-party-advisoryx_refsource_SREASON
    http://osvdb.org/38665 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/26412 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://www.procheckup.com/Vulnerability_PR07-13.php x_refsource_MISC
    http://www.vupen.com/english/advisories/2007/3847 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/27647 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-11-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:47:00.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20071112 PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN \u0027download_plugin.php3\u0027 server-side script",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/483601/100/0/threaded"
              },
              {
                "name": "1018937",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018937"
              },
              {
                "name": "3364",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3364"
              },
              {
                "name": "38665",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38665"
              },
              {
                "name": "26412",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26412"
              },
              {
                "name": "firepass-downloadplugin-xss(38439)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38439"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.procheckup.com/Vulnerability_PR07-13.php"
              },
              {
                "name": "ADV-2007-3847",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3847"
              },
              {
                "name": "27647",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27647"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20071112 PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN \u0027download_plugin.php3\u0027 server-side script",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/483601/100/0/threaded"
            },
            {
              "name": "1018937",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018937"
            },
            {
              "name": "3364",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3364"
            },
            {
              "name": "38665",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38665"
            },
            {
              "name": "26412",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26412"
            },
            {
              "name": "firepass-downloadplugin-xss(38439)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38439"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.procheckup.com/Vulnerability_PR07-13.php"
            },
            {
              "name": "ADV-2007-3847",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3847"
            },
            {
              "name": "27647",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27647"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5979",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20071112 PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN \u0027download_plugin.php3\u0027 server-side script",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/483601/100/0/threaded"
                },
                {
                  "name": "1018937",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018937"
                },
                {
                  "name": "3364",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3364"
                },
                {
                  "name": "38665",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38665"
                },
                {
                  "name": "26412",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26412"
                },
                {
                  "name": "firepass-downloadplugin-xss(38439)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38439"
                },
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html"
                },
                {
                  "name": "http://www.procheckup.com/Vulnerability_PR07-13.php",
                  "refsource": "MISC",
                  "url": "http://www.procheckup.com/Vulnerability_PR07-13.php"
                },
                {
                  "name": "ADV-2007-3847",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3847"
                },
                {
                  "name": "27647",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27647"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5979",
        "datePublished": "2007-11-15T00:00:00.000Z",
        "dateReserved": "2007-11-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:47:00.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3097 (GCVE-0-2007-3097)

    Vulnerability from cvelistv5 – Published: 2007-06-06 22:00 – Updated: 2024-08-07 14:05
    VLAI
    Summary
    my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1018190 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/25563 third-party-advisoryx_refsource_SECUNIA
    http://www.s21sec.com/avisos/s21sec-035-en.txt x_refsource_MISC
    http://www.securityfocus.com/archive/1/470444/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/2073 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/24306 vdb-entryx_refsource_BID
    http://www.osvdb.org/35246 vdb-entryx_refsource_OSVDB
    Date Public
    2007-06-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:05:29.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1018190",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018190"
              },
              {
                "name": "25563",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25563"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.s21sec.com/avisos/s21sec-035-en.txt"
              },
              {
                "name": "20070604 S21Sec-035: F5 FirePass command execution vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/470444/100/0/threaded"
              },
              {
                "name": "firepass-myactivation-command-execution(34708)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34708"
              },
              {
                "name": "ADV-2007-2073",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2073"
              },
              {
                "name": "24306",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24306"
              },
              {
                "name": "35246",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35246"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1018190",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018190"
            },
            {
              "name": "25563",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25563"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.s21sec.com/avisos/s21sec-035-en.txt"
            },
            {
              "name": "20070604 S21Sec-035: F5 FirePass command execution vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/470444/100/0/threaded"
            },
            {
              "name": "firepass-myactivation-command-execution(34708)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34708"
            },
            {
              "name": "ADV-2007-2073",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2073"
            },
            {
              "name": "24306",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24306"
            },
            {
              "name": "35246",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35246"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3097",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1018190",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018190"
                },
                {
                  "name": "25563",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25563"
                },
                {
                  "name": "http://www.s21sec.com/avisos/s21sec-035-en.txt",
                  "refsource": "MISC",
                  "url": "http://www.s21sec.com/avisos/s21sec-035-en.txt"
                },
                {
                  "name": "20070604 S21Sec-035: F5 FirePass command execution vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/470444/100/0/threaded"
                },
                {
                  "name": "firepass-myactivation-command-execution(34708)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34708"
                },
                {
                  "name": "ADV-2007-2073",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2073"
                },
                {
                  "name": "24306",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24306"
                },
                {
                  "name": "35246",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35246"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3097",
        "datePublished": "2007-06-06T22:00:00.000Z",
        "dateReserved": "2007-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:05:29.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0186 (GCVE-0-2007-0186)

    Vulnerability from cvelistv5 – Published: 2007-01-11 02:00 – Updated: 2024-08-07 12:12
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mnin.org/advisories/2007_firepass.pdf x_refsource_MISC
    http://secunia.com/advisories/23627 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/32738 vdb-entryx_refsource_OSVDB
    https://tech.f5.com/home/solutions/sol6920.html x_refsource_CONFIRM
    https://tech.f5.com/home/solutions/sol6919.html x_refsource_CONFIRM
    http://www.osvdb.org/32739 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/23643 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/32737 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/32743 vdb-entryx_refsource_OSVDB
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/32740 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/32741 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/32742 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/21957 vdb-entryx_refsource_BID
    Date Public
    2007-01-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:12:17.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.mnin.org/advisories/2007_firepass.pdf"
              },
              {
                "name": "23627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23627"
              },
              {
                "name": "32738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32738"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tech.f5.com/home/solutions/sol6920.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tech.f5.com/home/solutions/sol6919.html"
              },
              {
                "name": "32739",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32739"
              },
              {
                "name": "23643",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23643"
              },
              {
                "name": "32737",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32737"
              },
              {
                "name": "32743",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32743"
              },
              {
                "name": "20070106 NNL-Labs \u0026 MNIN - F5 FirePass Security Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"
              },
              {
                "name": "32740",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32740"
              },
              {
                "name": "32741",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32741"
              },
              {
                "name": "32742",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32742"
              },
              {
                "name": "21957",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21957"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an \u003cFP_DO_NOT_TOUCH\u003e element; and (13) the vhost parameter to my.activation.php.  NOTE: it is possible that this candidate overlaps CVE-2006-3550."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-01-17T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.mnin.org/advisories/2007_firepass.pdf"
            },
            {
              "name": "23627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23627"
            },
            {
              "name": "32738",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32738"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tech.f5.com/home/solutions/sol6920.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tech.f5.com/home/solutions/sol6919.html"
            },
            {
              "name": "32739",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32739"
            },
            {
              "name": "23643",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23643"
            },
            {
              "name": "32737",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32737"
            },
            {
              "name": "32743",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32743"
            },
            {
              "name": "20070106 NNL-Labs \u0026 MNIN - F5 FirePass Security Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"
            },
            {
              "name": "32740",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32740"
            },
            {
              "name": "32741",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32741"
            },
            {
              "name": "32742",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32742"
            },
            {
              "name": "21957",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21957"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an \u003cFP_DO_NOT_TOUCH\u003e element; and (13) the vhost parameter to my.activation.php.  NOTE: it is possible that this candidate overlaps CVE-2006-3550."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.mnin.org/advisories/2007_firepass.pdf",
                  "refsource": "MISC",
                  "url": "http://www.mnin.org/advisories/2007_firepass.pdf"
                },
                {
                  "name": "23627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23627"
                },
                {
                  "name": "32738",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32738"
                },
                {
                  "name": "https://tech.f5.com/home/solutions/sol6920.html",
                  "refsource": "CONFIRM",
                  "url": "https://tech.f5.com/home/solutions/sol6920.html"
                },
                {
                  "name": "https://tech.f5.com/home/solutions/sol6919.html",
                  "refsource": "CONFIRM",
                  "url": "https://tech.f5.com/home/solutions/sol6919.html"
                },
                {
                  "name": "32739",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32739"
                },
                {
                  "name": "23643",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23643"
                },
                {
                  "name": "32737",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32737"
                },
                {
                  "name": "32743",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32743"
                },
                {
                  "name": "20070106 NNL-Labs \u0026 MNIN - F5 FirePass Security Advisory",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"
                },
                {
                  "name": "32740",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32740"
                },
                {
                  "name": "32741",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32741"
                },
                {
                  "name": "32742",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32742"
                },
                {
                  "name": "21957",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21957"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0186",
        "datePublished": "2007-01-11T02:00:00.000Z",
        "dateReserved": "2007-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:12:17.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3550 (GCVE-0-2006-3550)

    Vulnerability from cvelistv5 – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-07-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:34.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352"
              },
              {
                "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/439033/100/0/threaded"
              },
              {
                "name": "1016431",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016431"
              },
              {
                "name": "1237",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1237"
              },
              {
                "name": "18799",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18799"
              },
              {
                "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047635.html"
              },
              {
                "name": "firepass-multiple-xss(27547)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27547"
              },
              {
                "name": "ADV-2006-2678",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2678"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified \"writable form fields and hidden fields,\" including \"authentication frontends.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352"
            },
            {
              "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/439033/100/0/threaded"
            },
            {
              "name": "1016431",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016431"
            },
            {
              "name": "1237",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1237"
            },
            {
              "name": "18799",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18799"
            },
            {
              "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047635.html"
            },
            {
              "name": "firepass-multiple-xss(27547)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27547"
            },
            {
              "name": "ADV-2006-2678",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2678"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3550",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified \"writable form fields and hidden fields,\" including \"authentication frontends.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352",
                  "refsource": "MISC",
                  "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352"
                },
                {
                  "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/439033/100/0/threaded"
                },
                {
                  "name": "1016431",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016431"
                },
                {
                  "name": "1237",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1237"
                },
                {
                  "name": "18799",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18799"
                },
                {
                  "name": "20060704 [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047635.html"
                },
                {
                  "name": "firepass-multiple-xss(27547)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27547"
                },
                {
                  "name": "ADV-2006-2678",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2678"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3550",
        "datePublished": "2006-07-13T00:00:00.000Z",
        "dateReserved": "2006-07-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:34.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1357 (GCVE-0-2006-1357)

    Vulnerability from cvelistv5 – Published: 2006-03-22 02:00 – Updated: 2024-08-07 17:12
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/19337 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/17175 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/428318/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/611 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/1036 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1015798 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:12:20.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19337",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19337"
              },
              {
                "name": "17175",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17175"
              },
              {
                "name": "20060321 XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/428318/100/0/threaded"
              },
              {
                "name": "611",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/611"
              },
              {
                "name": "firepass-mysupport-xss(25393)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25393"
              },
              {
                "name": "ADV-2006-1036",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1036"
              },
              {
                "name": "1015798",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015798"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19337",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19337"
            },
            {
              "name": "17175",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17175"
            },
            {
              "name": "20060321 XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/428318/100/0/threaded"
            },
            {
              "name": "611",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/611"
            },
            {
              "name": "firepass-mysupport-xss(25393)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25393"
            },
            {
              "name": "ADV-2006-1036",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1036"
            },
            {
              "name": "1015798",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015798"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1357",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19337",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19337"
                },
                {
                  "name": "17175",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17175"
                },
                {
                  "name": "20060321 XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/428318/100/0/threaded"
                },
                {
                  "name": "611",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/611"
                },
                {
                  "name": "firepass-mysupport-xss(25393)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25393"
                },
                {
                  "name": "ADV-2006-1036",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1036"
                },
                {
                  "name": "1015798",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015798"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1357",
        "datePublished": "2006-03-22T02:00:00.000Z",
        "dateReserved": "2006-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:12:20.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }