Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netgate pfsense vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4692
pfSense prior to 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Netgate Pfsense
NA
CVE-2015-2295
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense prior to 2.2.1 allows remote malicious users to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
Netgate Pfsense
1 EDB exploit
NA
CVE-2015-4029
Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense prior to 2.2.3 allows remote malicious users to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php.
Netgate Pfsense
5.4
CVSSv3
CVE-2020-11457
pfSense prior to 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
Netgate Pfsense
NA
CVE-2015-6508
Cross-site scripting (XSS) vulnerability in pfSense prior to 2.2.3 allows remote malicious users to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.
Netgate Pfsense
NA
CVE-2015-6510
Multiple cross-site scripting (XSS) vulnerabilities in pfSense prior to 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, ...
Netgate Pfsense
NA
CVE-2015-6511
Cross-site scripting (XSS) vulnerability in pfSense prior to 2.2.3 allows remote malicious users to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php.
Netgate Pfsense
7.5
CVSSv3
CVE-2018-20799
In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for ...
Netgate Pfsense 2.4.4
8.8
CVSSv3
CVE-2023-27253
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated malicious users to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
Netgate Pfsense 2.7.0
8.8
CVSSv3
CVE-2019-16667
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.
Netgate Pfsense 2.4.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »