38 matches found
CVE-2022-40624
pfSense pfBlockerNG through 2.1.427 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814...
PT-2022-25424 · Pfsense · Pfblockerng
Name of the Vulnerable Software and Affected Versions: pfSense pfBlockerNG versions through 2.1.4 27 Description: The issue allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header. Recommendations: For pfSense pfBlockerNG versions through 2.1.4 27, update to a...
CVE-2022-40624
pfSense pfBlockerNG is vulnerable through pfBlockerNG versions up to 2.1.4_27 to OS command injection via the HTTP Host header, allowing remote execution with root privileges. The issue affects pfBlockerNG components handling Host header input and can lead to full compromise of affected systems (...
pfSense pfBlockerNG 2.1.4_26 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense plugin pfBlockerNG unauthenticated RCE as root', 'Description' = %q pfBlockerNG is a popular pfSense plugin that is not installed by...
pfSense pfBlockerNG 2.1.4_26 Shell Upload Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense plugin pfBlockerNG unauthenticated RCE as root', 'Description' = %q pfBlockerNG is a popular pfSense plugin that is not installed by...
Metasploit Wrap-Up
Spring Cloud Gateway RCE This week, a new module that exploits a code injection vulnerability in Spring Cloud Gateway CVE-2022-22947 has been added by @Ayantaker. Versions 3.1.0 and 3.0.0 to 3.0.6 are vulnerable if the Gateway Actuator endpoint is enabled, exposed and unsecured. The module sends ...
pfSense plugin pfBlockerNG unauthenticated RCE as root
pfBlockerNG is a popular pfSense plugin that is not installed by default. It's generally used to block inbound connections from whole countries or IP ranges. Versions 2.1.426 and below are affected by an unauthenticated RCE vulnerability that results in root access. Note that version 3.x is...
pfBlockerNG 2.1.4_26 Shell Upload
!/usr/bin/env python3 Original Advisory: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ import argparse import requests import time import sys import urllib.parse from requests.packages.urllib3.exceptions import InsecureRequestWarning...
pfBlockerNG 2.1.4_26 Shell Upload Exploit
!/usr/bin/env python3 Original Advisory: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ import argparse import requests import time import sys import urllib.parse from requests.packages.urllib3.exceptions import InsecureRequestWarning...
Exploit for OS Command Injection in Netgate Pfblockerng
SenselessViolence CVE-2022-31814 pfSense pfBlockerNG = 2.1.4...
CVE-2022-31814
pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...
CVE-2022-31814
pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...
Design/Logic Flaw
pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...
pfSense 操作系统命令注入漏洞
pfSense is a set of network firewalls for FreeBSD Linux. A security vulnerability exists in pfSense pfBlockerNG prior to version 2.1.426. A remote attacker could execute arbitrary operating system commands as root via shell metacharacters in the HTTP host header...
CVE-2022-31814
pfBlockerNG for pfSense (pfBlockerNG) up to version 2.1.4_26 is vulnerable to OS command injection leading to root remote code execution via shell metacharacters in the HTTP Host header. 3.x is unaffected. Affected component: pfBlockerNG (pfSense package). Exploitation has been demonstrated in pu...
PT-2022-20948 · Unknown · Pfsense Pfblockerng
Name of the Vulnerable Software and Affected Versions: pfSense pfBlockerNG versions 2.1.4 26 and earlier Description: The issue allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. It is estimated that over 388,000 devices may be...
CVE-2022-31814
pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...
CVE-2022-31814
pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...