Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-6511
Cross-site scripting (XSS) vulnerability in pfSense prior to 2.2.3 allows remote malicious users to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php.
Netgate Pfsense
9
CVSSv2
CVE-2018-16055
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense prior to 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the ...
Netgate Pfsense
6.5
CVSSv2
CVE-2018-4019
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to s...
Netgate Pfsense 2.4.4
6.5
CVSSv2
CVE-2018-4020
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to s...
Netgate Pfsense 2.4.4
6.5
CVSSv2
CVE-2018-4021
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to s...
Netgate Pfsense 2.4.4
NA
CVE-2023-42325
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote malicious user to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.
Netgate Pfsense 2.7.0
NA
CVE-2023-42327
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote malicious user to gain privileges via a crafted URL to the getserviceproviders.php page.
Netgate Pfsense 2.7.0
4.3
CVSSv2
CVE-2019-12949
In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a ser...
Netgate Pfsense 2.4.4
1 Github repository
4.3
CVSSv2
CVE-2010-4412
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote malicious users to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.p...
Bsdperimeter Pfsense 2.0
4 EDB exploits
NA
CVE-2023-27253
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated malicious users to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
Netgate Pfsense 2.7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »