Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-4687
Multiple cross-site scripting (XSS) vulnerabilities in pfSense prior to 2.1.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter pa...
Netgate Pfsense
6.5
CVSSv2
CVE-2014-4688
pfSense prior to 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
Netgate Pfsense
1 EDB exploit
1 Github repository
5
CVSSv2
CVE-2014-4689
Absolute path traversal vulnerability in pkg_edit.php in pfSense prior to 2.1.4 allows remote malicious users to read arbitrary XML files via a full pathname in the xml parameter.
Netgate Pfsense
5
CVSSv2
CVE-2014-4690
Multiple directory traversal vulnerabilities in pfSense prior to 2.1.4 allow (1) remote malicious users to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadba...
Netgate Pfsense
6.8
CVSSv2
CVE-2014-4691
Session fixation vulnerability in pfSense prior to 2.1.4 allows remote malicious users to hijack web sessions via a firewall login cookie.
Netgate Pfsense
4.3
CVSSv2
CVE-2020-10797
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense prior to 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.
Netgate Pfsense
4.3
CVSSv2
CVE-2015-6509
Multiple cross-site scripting (XSS) vulnerabilities in pfSense prior to 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableen...
Netgate Pfsense
4.3
CVSSv2
CVE-2014-4692
pfSense prior to 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Netgate Pfsense
4.3
CVSSv2
CVE-2015-6508
Cross-site scripting (XSS) vulnerability in pfSense prior to 2.2.3 allows remote malicious users to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.
Netgate Pfsense
4.3
CVSSv2
CVE-2015-6510
Multiple cross-site scripting (XSS) vulnerabilities in pfSense prior to 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, ...
Netgate Pfsense
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »