Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4689
Absolute path traversal vulnerability in pkg_edit.php in pfSense prior to 2.1.4 allows remote malicious users to read arbitrary XML files via a full pathname in the xml parameter.
Netgate Pfsense
NA
CVE-2014-4690
Multiple directory traversal vulnerabilities in pfSense prior to 2.1.4 allow (1) remote malicious users to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadba...
Netgate Pfsense
NA
CVE-2014-4691
Session fixation vulnerability in pfSense prior to 2.1.4 allows remote malicious users to hijack web sessions via a firewall login cookie.
Netgate Pfsense
NA
CVE-2014-4693
Multiple cross-site scripting (XSS) vulnerabilities in the Snort package prior to 3.0.13 for pfSense up to and including 2.1.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to...
Netgate Pfsense
Netgate Pfsense 2.1.3
Pfsense Snort Package
NA
CVE-2014-4694
Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package prior to 1.0.6 for pfSense up to and including 2.1.4 allow remote malicious users to inject arbitrary web script or HTML via unspecified variables.
Pfsense Suricata Package
Netgate Pfsense 2.1.3
Netgate Pfsense
NA
CVE-2014-4695
Multiple open redirect vulnerabilities in the Snort package prior to 3.0.13 for pfSense up to and including 2.1.4 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) th...
Pfsense Snort Package
Netgate Pfsense 2.1.3
Netgate Pfsense
NA
CVE-2014-4692
pfSense prior to 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Netgate Pfsense
NA
CVE-2014-4696
Multiple open redirect vulnerabilities in the Suricata package prior to 1.0.6 for pfSense up to and including 2.1.4 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (...
Netgate Pfsense
Pfsense Suricata Package
Netgate Pfsense 2.1.3
NA
CVE-2011-5047
Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense prior to 2.0.1 allows remote malicious users to inject arbitrary web script or HTML via the style parameter.
Pfsense Pfsense 1.2.3
Pfsense Pfsense 1.2.2
Pfsense Pfsense 1.2.1
Pfsense Pfsense 1.0.x
Pfsense Pfsense
NA
CVE-2011-4197
etc/inc/certs.inc in the PKI implementation in pfSense prior to 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote malicious users to create sub-certificates for arbitrary subjects by leveraging the private key.
Pfsense Pfsense
Pfsense Pfsense 1.2.3
Pfsense Pfsense 1.2.2
Pfsense Pfsense 1.2.1
Pfsense Pfsense 1.0.x
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »