Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-20798
The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for malicious users to bypass intended access restrictions.
Netgate Pfsense 2.4.4
578
VMScore
CVE-2018-4019
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to s...
Netgate Pfsense 2.4.4
578
VMScore
CVE-2018-4020
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to s...
Netgate Pfsense 2.4.4
435
VMScore
CVE-2019-12347
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
Netgate Pfsense 2.4.4
1 EDB exploit
720
VMScore
CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of...
Opnsense Project Opnsense
Netgate Pfsense
NA
CVE-2020-21219
Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote malicious users to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.
Netgate Pfsense 2.4.4
Netgate Acme 0.6.3
694
VMScore
CVE-2015-1414
Integer overflow in FreeBSD prior to 8.4 p24, 9.x prior to 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote malicious users to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory...
Netgate Pfsense 2.2.1
Debian Debian Linux 7.0
Freebsd Freebsd 8.4
Freebsd Freebsd 9.0
Freebsd Freebsd 9.1
Freebsd Freebsd 9.2
Freebsd Freebsd 10.1
Freebsd Freebsd 9.3
Freebsd Freebsd 10.0
383
VMScore
CVE-2021-27933
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
NA
CVE-2015-22941
pfSense version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
NA
CVE-2015-22952
pfSense version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »