Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-11457
pfSense prior to 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
Netgate Pfsense
383
VMScore
CVE-2014-4687
Multiple cross-site scripting (XSS) vulnerabilities in pfSense prior to 2.1.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter pa...
Netgate Pfsense
605
VMScore
CVE-2014-4691
Session fixation vulnerability in pfSense prior to 2.1.4 allows remote malicious users to hijack web sessions via a firewall login cookie.
Netgate Pfsense
383
VMScore
CVE-2015-6509
Multiple cross-site scripting (XSS) vulnerabilities in pfSense prior to 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableen...
Netgate Pfsense
383
VMScore
CVE-2015-6510
Multiple cross-site scripting (XSS) vulnerabilities in pfSense prior to 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, ...
Netgate Pfsense
383
VMScore
CVE-2015-6508
Cross-site scripting (XSS) vulnerability in pfSense prior to 2.2.3 allows remote malicious users to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.
Netgate Pfsense
383
VMScore
CVE-2015-6511
Cross-site scripting (XSS) vulnerability in pfSense prior to 2.2.3 allows remote malicious users to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php.
Netgate Pfsense
383
VMScore
CVE-2015-2294
Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense prior to 2.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) que...
Netgate Pfsense
685
VMScore
CVE-2015-2295
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense prior to 2.2.1 allows remote malicious users to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
Netgate Pfsense
1 EDB exploit
801
VMScore
CVE-2018-16055
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense prior to 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the ...
Netgate Pfsense
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »