Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netgate vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-16055
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense prior to 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the ...
Netgate Pfsense
NA
CVE-2014-4687
Multiple cross-site scripting (XSS) vulnerabilities in pfSense prior to 2.1.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter pa...
Netgate Pfsense
NA
CVE-2014-4688
pfSense prior to 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
Netgate Pfsense
1 EDB exploit
1 Github repository
NA
CVE-2014-4689
Absolute path traversal vulnerability in pkg_edit.php in pfSense prior to 2.1.4 allows remote malicious users to read arbitrary XML files via a full pathname in the xml parameter.
Netgate Pfsense
NA
CVE-2014-4690
Multiple directory traversal vulnerabilities in pfSense prior to 2.1.4 allow (1) remote malicious users to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadba...
Netgate Pfsense
NA
CVE-2014-4691
Session fixation vulnerability in pfSense prior to 2.1.4 allows remote malicious users to hijack web sessions via a firewall login cookie.
Netgate Pfsense
NA
CVE-2014-4692
pfSense prior to 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Netgate Pfsense
7.2
CVSSv3
CVE-2018-4019
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to s...
Netgate Pfsense 2.4.4
7.2
CVSSv3
CVE-2018-4020
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to s...
Netgate Pfsense 2.4.4
7.2
CVSSv3
CVE-2018-4021
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to s...
Netgate Pfsense 2.4.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »