13 matches found
CVE-2019-16667
diagcommand.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrfcallback produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing...
CVE-2023-29289
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interactio...
Authorization
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...
Adobe Commerce Input Validation Error Vulnerability
Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. An input validation error vulnerability exists in Adobe Commerce that stems from the presence of incorrect input validation, resulting in security features being bypassed. Affected products and...
PT-2023-3179 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6 and earlier; Adobe Commerce versions 2.4.5-p2 and earlier; Adobe Commerce versions 2.4.4-p3 and earlier. Description: The issue is related to an Incorrect Authorization vulnerability that could result in a security...
XML Injection
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to XML Injection via the processing of specially crafted XML content. An attacker can read arbitrary files on the system by injecting malicious XML entities. Remediation: Upgra...
Access Control Bypass
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass due to improper handling of access controls. An attacker can bypass security features and impact the availability of a user's minor feature without...
Incorrect Authorization
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization due to improper security checks during the authorization process. A low-privileged authenticated attacker can achieve minor information disclosure b...
pfSense < 2.4.4-p3 Multiple Vulnerabilities
According to its self-reported version number, the remote pfSense install is a version prior to 2.4.4-p3. It is, therefore, affected by multiple vulnerabilities, including the following: - In pfSense 2.4.41, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsiste...
pfSense 2.4.4-P3 - (User Manager) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting; Exploit Author: Matthew Aberegg; Vendor Homepage: https://www.pfsense.org; Version: PfSense 2.4.4-P3; Tested on: FreeBSD 11.2-RELEASE-p10; CVE: CVE-2020-11457...
pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting
Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting; Date: 2020-04-02; Exploit Author: Matthew Aberegg; Vendor Homepage: https://www.pfsense.org; Version: PfSense 2.4.4-P3; Tested on: FreeBSD 11.2-RELEASE-p10; CVE: CVE-2020-11457. Vulnerability Details: Description: A...
pfSense cross-site scripting vulnerability (CNVD-2019-43357)
pfSense is open source routing and firewall software, customized and developed on top of the FreeBSD system. A cross-site scripting vulnerability exists in pfSense 2.4.4-p3 and earlier versions. The vulnerability stems from the unverified display of the username and delmac parameters in...
pfSense Operating System Command Injection Vulnerability
pfSense is a set of network firewalls based on FreeBSD Linux. An operating system command injection vulnerability exists in pfSense versions 2.3.4 and 2.4.4-p3, which can be exploited by an attacker to execute operating system commands...