Vulmon
pfsense vulnerabilities and exploits
5.8
CVSSv2
CVE-2014-4695
Multiple open redirect vulnerabilities in the Snort package prior to 3.0.13 for pfSense up to and including 2.1.4 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) th...
Pfsense Snort Package
Netgate Pfsense 2.1.3
Netgate Pfsense
NA
CVE-2022-42247
pfSense v2.5.2 contains a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
Pfsense Pfsense 2.5.2
NA
CVE-2023-29973
Pfsense CE version 2.6.0 has no rate limiting, which can lead to an attacker creating multiple malicious users in the firewall.
Pfsense Pfsense 2.6.0
NA
CVE-2023-29974
An issue discovered in Pfsense CE version 2.6.0 allows malicious users to compromise user accounts via weak password requirements.
Pfsense Pfsense 2.6.0
NA
CVE-2023-29975
An issue discovered in Pfsense CE version 2.6.0 allows malicious users to change the password of any user without verification.
Pfsense Pfsense 2.6.0
9
CVSSv2
CVE-2021-41282
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the commo...
Pfsense Pfsense 2.5.2
1 Metasploit module
1 Github repository
3.5
CVSSv2
CVE-2020-26693
A stored cross-site scripting (XSS) vulnerability exists in pfSense 2.4.5-p1 which allows an authenticated malicious user to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
Pfsense Pfsense 2.4.5
NA
CVE-2020-19678
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote malicious user to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
Oisf Suricata 1.4.6
Pfsense Suricata Package 1.0.1
Pfsense Pfsense 2.1.3
4.3
CVSSv2
CVE-2019-18667
/usr/local/www/freeradius_view_config.php in the freeradius3 package prior to 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary JavaScript code in a victim's browser.
Pfsense Pfsense-pkg-freeradius3
9
CVSSv2
CVE-2019-16701
pfSense up to and including 2.3.4 up to and including 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
Netgate Pfsense 2.4.4
Netgate Pfsense
1 EDB exploit