cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2014-2927,https://securityvulnerability.io/vulnerability/CVE-2014-2927,,"The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.",F5,"Big-ip Protocol Security Module,Arx,Big-ip Wan Optimization Manager,Big-ip Local Traffic Manager,Big-ip Access Policy Manager,Big-ip Link Controller,Big-ip Webaccelerator,Big-ip Application Security Manager,Big-ip Analytics,Big-ip Edge Gateway,Big-ip Global Traffic Manager,Firepass,Big-iq Security,Big-iq Cloud,Enterprise Manager,Big-ip Advanced Firewall Manager,Big-ip Policy Enforcement Manager,Big-ip Application Acceleration Manager,Big-iq Device",,,0.0760900005698204,false,false,false,false,,false,false,2014-10-15T14:00:00.000Z,0
CVE-2013-6024,https://securityvulnerability.io/vulnerability/CVE-2013-6024,,"The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors.",F5,"Big-ip Access Policy Manager,Firepass,Big-ip Edge Gateway",,,0.000590000010561198,false,false,false,false,,false,false,2014-02-10T17:00:00.000Z,0
CVE-2012-2053,https://securityvulnerability.io/vulnerability/CVE-2012-2053,,"The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777.",F5,Firepass,,,0.0004199999966658652,false,false,false,false,,false,false,2012-04-05T14:55:00.000Z,0
CVE-2012-1777,https://securityvulnerability.io/vulnerability/CVE-2012-1777,,SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.,F5,Firepass,,,0.00610999995842576,false,false,false,false,,false,false,2012-04-05T14:55:00.000Z,0
CVE-2009-2119,https://securityvulnerability.io/vulnerability/CVE-2009-2119,,Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.,F5,Firepass Ssl Vpn,,,0.004819999914616346,false,false,false,false,,false,false,2009-06-18T21:00:00.000Z,0
CVE-2008-3149,https://securityvulnerability.io/vulnerability/CVE-2008-3149,,The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB.,F5,Firepass 1200,,,0.015479999594390392,false,false,false,false,,false,false,2008-07-11T18:00:00.000Z,0
CVE-2008-2637,https://securityvulnerability.io/vulnerability/CVE-2008-2637,,"Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.",F5,Firepass Ssl Vpn,,,0.00547999981790781,false,false,false,false,,false,false,2008-06-10T00:00:00.000Z,0
CVE-2008-2030,https://securityvulnerability.io/vulnerability/CVE-2008-2030,,Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.,F5,"Firepass Ssl Vpn,Firepass 4100",,,0.008670000359416008,false,false,false,false,,false,false,2008-04-30T15:00:00.000Z,0
CVE-2007-6704,https://securityvulnerability.io/vulnerability/CVE-2007-6704,,"Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.",F5,Firepass 4100,,,0.13048000633716583,false,false,false,false,,false,false,2008-03-05T23:00:00.000Z,0
CVE-2007-5979,https://securityvulnerability.io/vulnerability/CVE-2007-5979,,Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.,F5,Firepass 4100,,,0.02679000049829483,false,false,false,false,,false,false,2007-11-15T00:00:00.000Z,0
CVE-2007-3097,https://securityvulnerability.io/vulnerability/CVE-2007-3097,,my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter.,F5,Firepass 4100,,,0.015490000136196613,false,false,false,false,,false,false,2007-06-06T22:00:00.000Z,0
CVE-2007-0187,https://securityvulnerability.io/vulnerability/CVE-2007-0187,,"F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.",F5,Firepass,,,0.01720999926328659,false,false,false,false,,false,false,2007-01-12T05:04:00.000Z,0
CVE-2007-0186,https://securityvulnerability.io/vulnerability/CVE-2007-0186,,"Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.",F5,Firepass 4100,,,0.04729999974370003,false,false,false,false,,false,false,2007-01-12T05:04:00.000Z,0
CVE-2007-0195,https://securityvulnerability.io/vulnerability/CVE-2007-0195,,"my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.",F5,Firepass,,,0.009100000374019146,false,false,false,false,,false,false,2007-01-12T05:04:00.000Z,0
CVE-2007-0188,https://securityvulnerability.io/vulnerability/CVE-2007-0188,,"F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address (""dotless IP address""), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.",F5,Firepass,,,0.005169999785721302,false,false,false,false,,false,false,2007-01-12T05:04:00.000Z,0
CVE-2006-5416,https://securityvulnerability.io/vulnerability/CVE-2006-5416,,"Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter.",F5,Firepass 1000,,,0.009150000289082527,false,false,false,false,,false,false,2006-10-20T10:00:00.000Z,0
CVE-2006-3550,https://securityvulnerability.io/vulnerability/CVE-2006-3550,,"Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified ""writable form fields and hidden fields,"" including ""authentication frontends.""",F5,Firepass 4100,,,0.006140000186860561,false,false,false,false,,false,false,2006-07-13T00:00:00.000Z,0
CVE-2006-1357,https://securityvulnerability.io/vulnerability/CVE-2006-1357,,Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.,F5,Firepass 4100,,,0.06456000357866287,false,false,false,false,,false,false,2006-03-22T02:00:00.000Z,0