Lucene search
K

38 matches found

Cvelist
Cvelist
added 2022/12/20 12:0 a.m.37 views

CVE-2022-40624

pfSense pfBlockerNG through 2.1.427 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814...

10AI score0.17107EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/12/20 12:0 a.m.7 views

PT-2022-25424 · Pfsense · Pfblockerng

Name of the Vulnerable Software and Affected Versions: pfSense pfBlockerNG versions through 2.1.4 27 Description: The issue allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header. Recommendations: For pfSense pfBlockerNG versions through 2.1.4 27, update to a...

9.8CVSS9.9AI score0.17107EPSS
Exploits1References5
CVE
CVE
added 2022/12/20 12:0 a.m.98 views

CVE-2022-40624

pfSense pfBlockerNG is vulnerable through pfBlockerNG versions up to 2.1.4_27 to OS command injection via the HTTP Host header, allowing remote execution with root privileges. The issue affects pfBlockerNG components handling Host header input and can lead to full compromise of affected systems (...

9.8CVSS9.7AI score0.17107EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2022/10/17 12:0 a.m.343 views

pfSense pfBlockerNG 2.1.4_26 Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense plugin pfBlockerNG unauthenticated RCE as root', 'Description' = %q pfBlockerNG is a popular pfSense plugin that is not installed by...

9.8CVSS0.87247EPSS
Exploits14
0day.today
0day.today
added 2022/10/17 12:0 a.m.224 views

pfSense pfBlockerNG 2.1.4_26 Shell Upload Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense plugin pfBlockerNG unauthenticated RCE as root', 'Description' = %q pfBlockerNG is a popular pfSense plugin that is not installed by...

9.8CVSS0.87247EPSS
Exploits14
Rapid7 Blog
Rapid7 Blog
added 2022/10/14 5:3 p.m.60 views

Metasploit Wrap-Up

Spring Cloud Gateway RCE This week, a new module that exploits a code injection vulnerability in Spring Cloud Gateway CVE-2022-22947 has been added by @Ayantaker. Versions 3.1.0 and 3.0.0 to 3.0.6 are vulnerable if the Gateway Actuator endpoint is enabled, exposed and unsecured. The module sends ...

6.8CVSS1.2AI score0.98253EPSS
Exploits68
Metasploit
Metasploit
added 2022/10/13 7:51 p.m.587 views

pfSense plugin pfBlockerNG unauthenticated RCE as root

pfBlockerNG is a popular pfSense plugin that is not installed by default. It's generally used to block inbound connections from whole countries or IP ranges. Versions 2.1.426 and below are affected by an unauthenticated RCE vulnerability that results in root access. Note that version 3.x is...

9.8CVSS8.4AI score0.87247EPSS
Exploits14
Packet Storm
Packet Storm
added 2022/09/26 12:0 a.m.209 views

pfBlockerNG 2.1.4_26 Shell Upload

!/usr/bin/env python3 Original Advisory: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ import argparse import requests import time import sys import urllib.parse from requests.packages.urllib3.exceptions import InsecureRequestWarning...

0.4AI score
Exploits0
0day.today
0day.today
added 2022/09/26 12:0 a.m.276 views

pfBlockerNG 2.1.4_26 Shell Upload Exploit

!/usr/bin/env python3 Original Advisory: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ import argparse import requests import time import sys import urllib.parse from requests.packages.urllib3.exceptions import InsecureRequestWarning...

0.4AI score
Exploits0
GithubExploit
GithubExploit
added 2022/09/18 11:10 a.m.324 views

Exploit for OS Command Injection in Netgate Pfblockerng

SenselessViolence CVE-2022-31814 pfSense pfBlockerNG = 2.1.4...

9.8CVSS9.9AI score0.87247EPSS
Exploits14
OSV
OSV
added 2022/09/05 4:15 p.m.1 views

CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

9.8CVSS6AI score0.87247EPSS
Exploits14References6
ATTACKERKB
ATTACKERKB
added 2022/09/05 4:15 p.m.5 views

CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

9.8CVSS5.9AI score0.87247EPSS
Exploits14References8
Prion
Prion
added 2022/09/05 4:15 p.m.24 views

Design/Logic Flaw

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

7.5CVSS9.7AI score0.87247EPSS
Exploits14References4Affected Software1
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.5 views

pfSense 操作系统命令注入漏洞

pfSense is a set of network firewalls for FreeBSD Linux. A security vulnerability exists in pfSense pfBlockerNG prior to version 2.1.426. A remote attacker could execute arbitrary operating system commands as root via shell metacharacters in the HTTP host header...

9.8CVSS8.8AI score0.87247EPSS
Exploits14References8
CVE
CVE
added 2022/09/05 12:0 a.m.163 views

CVE-2022-31814

pfBlockerNG for pfSense (pfBlockerNG) up to version 2.1.4_26 is vulnerable to OS command injection leading to root remote code execution via shell metacharacters in the HTTP Host header. 3.x is unaffected. Affected component: pfBlockerNG (pfSense package). Exploitation has been demonstrated in pu...

9.8CVSS9.7AI score0.87247EPSS
In wildExploits14References6Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/05 12:0 a.m.5 views

PT-2022-20948 · Unknown · Pfsense Pfblockerng

Name of the Vulnerable Software and Affected Versions: pfSense pfBlockerNG versions 2.1.4 26 and earlier Description: The issue allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. It is estimated that over 388,000 devices may be...

9.8CVSS10AI score0.87247EPSS
Exploits14References26
Cvelist
Cvelist
added 2022/09/05 12:0 a.m.37 views

CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

10AI score0.87247EPSS
Exploits14References6
Vulnrichment
Vulnrichment
added 2022/09/05 12:0 a.m.28 views

CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

7.8AI score0.87247EPSS
Exploits14References6
Rows per page
Query Builder