Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netgate pfsense vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-42325
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote malicious user to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.
Netgate Pfsense 2.7.0
NA
CVE-2023-42327
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote malicious user to gain privileges via a crafted URL to the getserviceproviders.php page.
Netgate Pfsense 2.7.0
4.3
CVSSv2
CVE-2019-12949
In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a ser...
Netgate Pfsense 2.4.4
1 Github repository
NA
CVE-2023-27253
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated malicious users to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
Netgate Pfsense 2.7.0
4.3
CVSSv2
CVE-2019-12347
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
Netgate Pfsense 2.4.4
1 EDB exploit
5
CVSSv2
CVE-2018-20798
The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for malicious users to bypass intended access restrictions.
Netgate Pfsense 2.4.4
5
CVSSv2
CVE-2018-20799
In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for ...
Netgate Pfsense 2.4.4
6.8
CVSSv2
CVE-2019-16667
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.
Netgate Pfsense 2.4.4
6.8
CVSSv2
CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of...
Opnsense Project Opnsense
Netgate Pfsense
4.3
CVSSv2
CVE-2019-8953
The HAProxy package prior to 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
Netgate Haproxy
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »