Vulmon
pfsense vulnerabilities and exploits
4
CVSSv2
CVE-2022-21132
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions before 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions before 0.1.6_1 allows a remote authenticated malicious user to lead a pfSense user to view a file outside the public folder.
Pfsense Pfsense-pkg-wireguard
Pfsense Pfsense-pkg-wireguard 0.1.6
9
CVSSv2
CVE-2021-41282
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the commo...
Pfsense Pfsense 2.5.2
1 Metasploit module
1 GitHub repository
4.3
CVSSv2
CVE-2022-23993
/usr/local/www/pkg.php in pfSense CE prior to 2.6.0 and pfSense Plus prior to 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
Pfsense Pfsense Plus
Pfsense Pfsense
3.5
CVSSv2
CVE-2020-19201
A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and previous versions. The page did not encode output from the filter reload process, and a stored XSS was possible ...
Netgate Pfsense 2.4.4
Netgate Pfsense
3.5
CVSSv2
CVE-2020-19203
An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and previous versions. The widget did not encode the descr (description) parameter of wake-on-LAN entries...
Netgate Pfsense
Netgate Pfsense 2.4.4
3.5
CVSSv2
CVE-2020-26693
A stored cross-site scripting (XSS) vulnerability exists in pfSense 2.4.5-p1 which allows an authenticated malicious user to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
Pfsense Pfsense 2.4.5
4.3
CVSSv2
CVE-2021-27933
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
4.3
CVSSv2
CVE-2020-10797
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfSense prior to version 2.4.5. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.
Netgate Pfsense
3.5
CVSSv2
CVE-2020-11457
pfSense prior to 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
Netgate Pfsense
4.3
CVSSv2
CVE-2019-18667
/usr/local/www/freeradius_view_config.php in the freeradius3 package prior to 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary JavaScript code in a victim's browser.
Pfsense Pfsense-pkg-freeradius3