Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netgate pfsense 2.4.4 vulnerabilities and exploits
(subscribe to this query)
905
VMScore
CVE-2019-16701
pfSense up to and including 2.3.4 up to and including 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
Netgate Pfsense 2.4.4
Netgate Pfsense
1 EDB exploit
312
VMScore
CVE-2020-19201
A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and previous versions. The page did not encode output from the filter reload process, and a stored XSS was possible ...
Netgate Pfsense 2.4.4
Netgate Pfsense
668
VMScore
CVE-2019-16915
An issue exists in pfSense up to and including 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.
Netgate Pfsense 2.4.4
Netgate Pfsense
383
VMScore
CVE-2019-16914
An XSS issue exists in pfSense up to and including 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.
Netgate Pfsense 2.4.4
Netgate Pfsense
312
VMScore
CVE-2020-19203
An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and previous versions. The widget did not encode the descr (description) parameter of wake-on-LAN entries...
Netgate Pfsense
Netgate Pfsense 2.4.4
578
VMScore
CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense prior to 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
Netgate Pfsense
Netgate Pfsense 2.4.4
Opnsense Opnsense
383
VMScore
CVE-2019-12584
Apcupsd 0.3.91_5, as used in pfSense up to and including 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
Apcupsd Apcupsd 0.3.91 5
Netgate Pfsense 2.4.4
Netgate Pfsense
668
VMScore
CVE-2019-12585
Apcupsd 0.3.91_5, as used in pfSense up to and including 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
Apcupsd Apcupsd 0.3.91 5
Netgate Pfsense 2.4.4
Netgate Pfsense
NA
CVE-2020-21487
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows malicious users to execute arbitrary code via the RootFolder field of acme_certificates.php.
Netgate Pfsense 2.4.4
Netgate Pfsense Acme Package 0.6.3
NA
CVE-2020-21219
Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote malicious users to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.
Netgate Pfsense 2.4.4
Netgate Acme 0.6.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »