Vulmon
netgate pfsense vulnerabilities and exploits
6.5
CVSSv2
CVE-2014-4688
pfSense prior to 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
Netgate Pfsense
1 EDB exploit
1 Github repository
5
CVSSv2
CVE-2014-4689
Absolute path traversal vulnerability in pkg_edit.php in pfSense prior to 2.1.4 allows remote malicious users to read arbitrary XML files via a full pathname in the xml parameter.
Netgate Pfsense
5
CVSSv2
CVE-2014-4690
Multiple directory traversal vulnerabilities in pfSense prior to 2.1.4 allow (1) remote malicious users to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadba...
Netgate Pfsense
6.8
CVSSv2
CVE-2014-4691
Session fixation vulnerability in pfSense prior to 2.1.4 allows remote malicious users to hijack web sessions via a firewall login cookie.
Netgate Pfsense
4.3
CVSSv2
CVE-2014-4692
pfSense prior to 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Netgate Pfsense
4.3
CVSSv2
CVE-2015-6509
Multiple cross-site scripting (XSS) vulnerabilities in pfSense prior to 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableen...
Netgate Pfsense
NA
CVE-2022-29273
pfSense CE up to and including 2.6.0 and pfSense Plus prior to 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.
Netgate Pfsense
4.3
CVSSv2
CVE-2019-12347
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
Netgate Pfsense 2.4.4
1 EDB exploit
NA
CVE-2023-27253
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated malicious users to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
Netgate Pfsense 2.7.0
4.3
CVSSv2
CVE-2019-12949
In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a ser...
Netgate Pfsense 2.4.4
1 Github repository