Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.8 views

CVE-2026-2035

Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...

6.8CVSS6.5AI score0.01535EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 11:16 p.m.6 views

CVE-2026-2035

Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...

6.8CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2026/02/20 11:16 p.m.8 views

CVE-2026-2035

Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...

6.8CVSS0.01535EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/20 10:13 p.m.5 views

CVE-2026-2035 Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability

Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...

6.8CVSS7.1AI score0.01535EPSS
Exploits0References2
OSV
OSV
added 2026/02/15 2:16 p.m.4 views

CVE-2019-25368

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diagbackup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...

5.4CVSS5.6AI score
Exploits0References4
CVE
CVE
added 2026/02/15 1:58 p.m.12 views

CVE-2019-25368

OPNsense 19.1 contains cross-site scripting vulnerabilities in the diag_backup.php endpoint. The issue allows injection of malicious scripts via multiple parameters (e.g., GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextc...

5.4CVSS5.5AI score0.00132EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.4 views

CVE-2019-25368

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diagbackup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...

5.4CVSS5.5AI score0.00132EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.11 views

PT-2026-8240

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive GDriveEmail, GDrive GDriveFolderID, GDrive GDriveBackupCount, Nextcloud url, Nextcloud user, Nextcloud...

5.4CVSS5.5AI score0.00132EPSS
Exploits1References5
Zero Day Initiative
Zero Day Initiative
added 2026/02/12 12:0 a.m.8 views

Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of backup configuration files. The issue results from the lack of...

6.8CVSS6.2AI score0.01535EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.6 views

CVE-2025-13698

Deciso OPNsense diagbackup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl...

4.5CVSS4.8AI score0.00461EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/09 12:0 a.m.3 views

PT-2023-26727 · Opnsense · Opnsense Community Edition +1

Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: A command injection issue in the diag backup.php component allows attackers to execute arbitrary commands via a crafted backup...

9.8CVSS9.8AI score0.02977EPSS
Exploits1References6
CNVD
CNVD
added 2016/04/20 12:0 a.m.4 views

pfSense Firewall Cross-Site Request Forgery Vulnerability

pfSense is a free, open-source customized version of FreeBSD designed for use as a firewall and router. pfSense suffers from a cross-site request forgery vulnerability. diagbackup.php does not validate all functions sufficiently. Allows an attacker to upload malicious files...

7AI score
Exploits0References1
Rows per page
Query Builder