201 matches found
Netgate pfSense CE Code Injection Vulnerability
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE prior to version 2.8.0 beta, which stems from improperly cleaned user...
Netgate pfSense CE Cross-Site Scripting Vulnerability
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE prior to version 2.8.0 beta, which stems from a cross-site...
CVE-2024-57273
Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...
CVE-2024-57273
CVE-2024-57273 affects Netgate pfSense CE and Plus builds older than pfSense 2.8.0 beta, with a stored/reflected XSS in the Automatic Configuration Backup (ACB) service. The unsanitized Reason field (and a derivable device key from the public SSH key) enables remote attacker JavaScript execution,...
CVE-2024-54780
Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...
Netgate pfSense CE Cross-Site Scripting Vulnerability
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate that supports enterprise-class network security and network management features. A cross-site scripting vulnerability exists in Netgate pfSense CE versions prior to 2.8.0 beta, which stems from a cross-si...
PT-2025-21161 · Netgate · Pfsense Ce
Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to 2.8.0 beta release; Netgate pfSense CE corresponding Plus builds versions prior to 2.8.0 beta release. Description: The issue is related to Cross Site Scripting (XSS) in the widgets/log.widget.php file. This...
CVE-2024-54780
CVE-2024-54780 affects Netgate pfSense CE (prior to 2.8.0 beta) and corresponding Plus builds. The vulnerability is a command-injection flaw in the OpenVPN widget caused by improper sanitization of user-supplied input to the OpenVPN management interface, enabling an authenticated attacker to inje...
CVE-2024-54779
Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php...
pfSense Login Scanner
This module performs login attempts against a Netgate pfSense router webpage to bruteforce possible credentials. Module Options msf use auxiliary/scanner/http/pfsenselogin msf auxiliarypfsenselogin show actions ...actions... msf auxiliarypfsenselogin set ACTION msf auxiliarypfsenselogin show...
Exploit for Cross-site Scripting in Netgate Pfsense
Thanks to physicszq https://github.com/physicszq/webissue/b...
Exploit for Command Injection in Netgate Pfsense
pfSense 2.7.0 Command Injection Exploit CVE-2023-42326 This...
Exploit for OS Command Injection in Netgate Pfblockerng
CVE-2022-31814 Updated Exploit - pfBlockerNG = 2.1.426 U...
CBL Mariner 2.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)
The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...
EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)
According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...
Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense_Plus
CVE-2023-27100 - pfSense Anti-brute force protection bypass...
EulerOS Virtualization 2.11.0 : python-paramiko (EulerOS-SA-2024-1635)
According to the versions of the python-paramiko package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...