Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netgate pfsense vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2019-16701
pfSense up to and including 2.3.4 up to and including 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
Netgate Pfsense 2.4.4
Netgate Pfsense
1 EDB exploit
9
CVSSv2
CVE-2018-16055
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense prior to 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the ...
Netgate Pfsense
8.5
CVSSv2
CVE-2022-26019
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions before 2.6.0 and pfSense Plus software versions before 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, wh...
Netgate Pfsense Plus
Netgate Pfsense
7.8
CVSSv2
CVE-2015-1414
Integer overflow in FreeBSD prior to 8.4 p24, 9.x prior to 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote malicious users to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory...
Netgate Pfsense 2.2.1
Debian Debian Linux 7.0
Freebsd Freebsd 8.4
Freebsd Freebsd 9.0
Freebsd Freebsd 9.1
Freebsd Freebsd 9.2
Freebsd Freebsd 10.1
Freebsd Freebsd 9.3
Freebsd Freebsd 10.0
7.5
CVSSv2
CVE-2019-16915
An issue exists in pfSense up to and including 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.
Netgate Pfsense 2.4.4
Netgate Pfsense
7.5
CVSSv2
CVE-2019-12585
Apcupsd 0.3.91_5, as used in pfSense up to and including 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
Apcupsd Apcupsd 0.3.91 5
Netgate Pfsense 2.4.4
Netgate Pfsense
6.8
CVSSv2
CVE-2019-16667
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.
Netgate Pfsense 2.4.4
6.8
CVSSv2
CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of...
Opnsense Project Opnsense
Netgate Pfsense
6.8
CVSSv2
CVE-2015-2295
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense prior to 2.2.1 allows remote malicious users to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
Netgate Pfsense
1 EDB exploit
6.8
CVSSv2
CVE-2014-4691
Session fixation vulnerability in pfSense prior to 2.1.4 allows remote malicious users to hijack web sessions via a firewall login cookie.
Netgate Pfsense
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »