Lucene search
K

878 matches found

CVE
CVE
added 2015/08/18 3:0 p.m.51 views

CVE-2015-6509

pfSense exposes multiple reflected XSS vulnerabilities (CVE-2015-6509) in the web GUI prior to version 2.2.3. The flaws allow remote attackers to inject arbitrary web script/HTML through numerous parameters across system_advanced_misc.php, system_advanced_firewall.php, and system_advanced_notific...

4.3CVSS6.7AI score0.02053EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/08/18 3:0 p.m.20 views

CVE-2015-6511

Cross-site scripting XSS vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server parameter to servicesntpd.php...

6.7AI score0.02053EPSS
Exploits0References1
CVE
CVE
added 2015/08/18 3:0 p.m.55 views

CVE-2015-4029

pfSense WebGUI CVE-2015-4029 is an XSS in the captive portal zones management page. The flaw arises in services_captiveportal_zones.php when the zone parameter is used during a del action, enabling remote attackers to inject script/HTML into a victim’s browser. Affected releases are pfSense prior...

4.3CVSS6.5AI score0.20379EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2015/08/18 3:0 p.m.64 views

CVE-2015-6508

CVE-2015-6508 is an XSS vulnerability in pfSense prior to 2.2.3. It allows remote attackers to inject arbitrary script/HTML via the descr parameter in the new action of system_authservers.php. Multiple connected sources (NVD, Red Hat, CNVD, Nessus/PfSense advisories) corroborate this entry. Affec...

4.3CVSS6.5AI score0.02219EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2015/08/12 12:0 a.m.2 views

Electric Sheep Fencing Pfsense 'zone' Parameter Cross-Site Scripting Vulnerability

Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A cross-site scripting vulnerability exists in Electric Sheep Fencing Pfsense that stems from the program's failure to adequately filter user-submitted input. When a us...

6.7AI score
Exploits0References1
Packet Storm
Packet Storm
added 2015/07/14 12:0 a.m.34 views

PFSense 2.2.2 Cross Site Scripting

I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2 II. BACKGROUND ------------------------- The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free...

Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.87 views

Arbitrary file deletion and multiple XSS vulnerabilities in pfSense

Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5, 2015 Public Disclosure: March 25, 2015...

6.8CVSS0.1AI score0.65927EPSS
Exploits6
Check Point Advisories
Check Point Advisories
added 2015/05/07 12:0 a.m.51 views

ESF pfSense webgui deletefile Directory Traversal (CVE-2015-2295)

A directory traversal vulnerability has been reported in Electric Sheep Fencing pfSense firewall. This vulnerability is due to insufficient validation of the deletefile HTTP request parameter in "/systemfirmwarerestorefullbackup.php". By convincing an authenticated user to click on a crafted link...

6.8CVSS2.5AI score0.65927EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2015/04/14 12:0 a.m.42 views

ESF pfSense status_captiveportal Cross Site Scripting (CVE-2015-2294)

A cross-site scripting vulnerability has been reported in Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of the zone variable in the statuscaptiveportal page. A remote attacker can exploit the XSS vulnerability to execute arbitrary scripts in the user...

4.3CVSS2.5AI score0.24167EPSS
Exploits5
NVD
NVD
added 2015/04/10 3:0 p.m.20 views

CVE-2015-2295

Cross-site request forgery CSRF vulnerability in systemfirmwarerestorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter...

6.8CVSS7.1AI score0.65927EPSS
Exploits5References6
Prion
Prion
added 2015/04/10 3:0 p.m.20 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in systemfirmwarerestorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter...

6.8CVSS7.6AI score0.65927EPSS
Exploits5References6Affected Software1
CVE
CVE
added 2015/04/10 2:0 p.m.87 views

CVE-2015-2295

PfSense WebGUI (pfSense before 2.2.1) is affected by CVE-2015-2295 due to CSRF in system_firmware_restorefullbackup.php, enabling an attacker to hijack admin authentication and issue deletefile requests that can remove arbitrary files with root privileges. Several connected advisories corroborate...

6.8CVSS7.1AI score0.65927EPSS
Exploits5References6Affected Software1
Cvelist
Cvelist
added 2015/04/10 2:0 p.m.29 views

CVE-2015-2295

Cross-site request forgery CSRF vulnerability in systemfirmwarerestorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter...

7AI score0.65927EPSS
Exploits5References6
NVD
NVD
added 2015/04/01 2:59 p.m.17 views

CVE-2015-2294

Multiple cross-site scripting XSS vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 zone parameter to statuscaptiveportal.php; 2 if or 3 dragtable parameter to firewallrules.php; 4 queue parameter in an add action to...

4.3CVSS5.7AI score0.24167EPSS
Exploits5References6
Prion
Prion
added 2015/04/01 2:59 p.m.20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 zone parameter to statuscaptiveportal.php; 2 if or 3 dragtable parameter to firewallrules.php; 4 queue parameter in an add action to...

4.3CVSS6AI score0.24167EPSS
Exploits5References6Affected Software1
Cvelist
Cvelist
added 2015/04/01 2:0 p.m.28 views

CVE-2015-2294

Multiple cross-site scripting XSS vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 zone parameter to statuscaptiveportal.php; 2 if or 3 dragtable parameter to firewallrules.php; 4 queue parameter in an add action to...

5.6AI score0.24167EPSS
Exploits5References6
CVE
CVE
added 2015/04/01 2:0 p.m.80 views

CVE-2015-2294

pfSense before 2.2.1 is affected by multiple WebGUI XSS vulnerabilities (CVE-2015-2294) and a CSRF issue (CVE-2015-2295). The root cause is insufficient validation/sanitization of user-supplied input across many parameters (zone, if/dragtable, queue, id, and various filterlogentries_*; plus syste...

4.3CVSS5.6AI score0.24167EPSS
Exploits5References6Affected Software1
Kaspersky
Kaspersky
added 2015/04/01 12:0 a.m.42 views

KLA10528 Code injection vulnerability in pfsense

Cross-site scripting vulnerabilities were found in pfSense. By exploiting these vulnerabilities malicious users can enject arbitrary sctip or HTML. These vulnerabilities can be exploited remotely via a specially designed parameters for web interface. Original advisories pfSense advisory...

4.3CVSS6.8AI score0.24167EPSS
Exploits5References3
0day.today
0day.today
added 2015/03/27 12:0 a.m.119 views

pfSense 2.2 - Multiple Vulnerabilities

Exploit for php platform in category web applications Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5, 2015...

6.8CVSS0.2AI score0.65927EPSS
Exploits6
exploitpack
exploitpack
added 2015/03/26 12:0 a.m.79 views

pfSense 2.2 - Multiple Vulnerabilities

pfSense 2.2 - Multiple Vulnerabilities Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5,...

6.8CVSS0.4AI score0.65927EPSS
Exploits6
Rows per page
Query Builder