Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense pfsense vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-21487
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows malicious users to execute arbitrary code via the RootFolder field of acme_certificates.php.
Netgate Pfsense 2.4.4
Netgate Pfsense Acme Package 0.6.3
4.3
CVSSv2
CVE-2008-1182
Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense prior to 1.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Bsd Perimeter Pfsense 1.2
Bsd Perimeter Pfsense 1.0.1
4.3
CVSSv2
CVE-2019-12584
Apcupsd 0.3.91_5, as used in pfSense up to and including 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
Apcupsd Apcupsd 0.3.91 5
Netgate Pfsense 2.4.4
Netgate Pfsense
7.5
CVSSv2
CVE-2019-12585
Apcupsd 0.3.91_5, as used in pfSense up to and including 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
Apcupsd Apcupsd 0.3.91 5
Netgate Pfsense 2.4.4
Netgate Pfsense
6.5
CVSSv2
CVE-2014-4688
pfSense prior to 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
Netgate Pfsense
1 EDB exploit
1 Github repository
5
CVSSv2
CVE-2014-4689
Absolute path traversal vulnerability in pkg_edit.php in pfSense prior to 2.1.4 allows remote malicious users to read arbitrary XML files via a full pathname in the xml parameter.
Netgate Pfsense
5
CVSSv2
CVE-2014-4690
Multiple directory traversal vulnerabilities in pfSense prior to 2.1.4 allow (1) remote malicious users to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadba...
Netgate Pfsense
4.3
CVSSv2
CVE-2014-4692
pfSense prior to 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Netgate Pfsense
NA
CVE-2022-29273
pfSense CE up to and including 2.6.0 and pfSense Plus prior to 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.
Netgate Pfsense
4.3
CVSSv2
CVE-2020-10797
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense prior to 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.
Netgate Pfsense
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »