CVE-2012-1777
- EPSS 2.33%
- Veröffentlicht 05.04.2012 14:55:05
- Zuletzt bearbeitet 16.06.2026 23:40:17
SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.
CVE-2012-2053
- EPSS 0.48%
- Veröffentlicht 05.04.2012 14:55:05
- Zuletzt bearbeitet 16.06.2026 23:40:52
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user ...
CVE-2007-0187
- EPSS 3.62%
- Veröffentlicht 12.01.2007 05:04:00
- Zuletzt bearbeitet 16.06.2026 22:35:05
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper c...
CVE-2007-0188
- EPSS 1.31%
- Veröffentlicht 12.01.2007 05:04:00
- Zuletzt bearbeitet 16.06.2026 22:35:05
F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass ad...
- EPSS 1.44%
- Veröffentlicht 12.01.2007 05:04:00
- Zuletzt bearbeitet 16.06.2026 22:35:06
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP ac...