878 matches found
Path traversal
Absolute path traversal vulnerability in pkgedit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter...
Directory traversal
Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow 1 remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkgmgrinstall.php and allow 2 remote authenticated users to read arbitrary files via the downloadbackup parameter to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the starttime0 parameter to firewallschedule.php, 2 the rssfeed parameter to rss.widget.php, 3 the servicestatusfilter parameter to...
Session fixation
Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie...
CVE-2014-4694
Multiple cross-site scripting XSS vulnerabilities in suricataselectalias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables...
CVE-2014-4687
pfSense is affected by CVE-2014-4687: multiple XSS vulnerabilities in pfSense before 2.1.4. Exploitable via five vectors: (1) starttime0 parameter in firewall_schedule.php, (2) rssfeed parameter in rss.widget.php, (3) servicestatusfilter parameter in services_status.widget.php, (4) txtRecallBuffe...
CVE-2014-4696
CVE-2014-4696 describes multiple open redirect vulnerabilities in the Suricata package for pfSense, affected versions up to 1.0.6 (pfSense through 2.1.4). The issue allows remote attackers to redirect users to arbitrary sites via two parameters: referer in suricata_rules_flowbits.php and returl i...
CVE-2014-4691
CVE-2014-4691 affects pfSense before 2.1.4, where a session fixation vulnerability allows remote attackers to hijack web sessions via a firewall login cookie. The provided documents confirm the affected product version and the underlying issue (session fixation) but do not supply explicit remedia...
CVE-2014-4696
Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via 1 the referer parameter to suricatarulesflowbits.php or 2 the returl parameter to...
CVE-2014-4695
The CVE-2014-4695 issue affects the Snort package prior to 3.0.13 used with pfSense up to version 2.1.4. The vulnerability is a set of open redirect flaws that allow remote attackers to redirect users to arbitrary sites and facilitate phishing via two parameters: referer in snort_rules_flowbits.p...
CVE-2014-4695
Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via 1 the referer parameter to snortrulesflowbits.php or 2 the returl parameter to snortselectalias.php...
CVE-2014-4689
CVE-2014-4689 affects pfSense before version 2.1.4. The vulnerability is an absolute path traversal in the web interface’s pkg_edit.php, allowing remote attackers to read arbitrary XML files by supplying a full pathname in the xml parameter. The issue is rooted in improper validation of the input...
CVE-2014-4692
pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-4690
Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow 1 remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkgmgrinstall.php and allow 2 remote authenticated users to read arbitrary files via the downloadbackup parameter to...
CVE-2014-4689
Absolute path traversal vulnerability in pkgedit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter...
CVE-2014-4691
Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie...
CVE-2014-4693
CVE-2014-4693 involves multiple XSS vulnerabilities in the pfSense Snort package prior to 3.0.13 (affecting pfSense versions up to 2.1.4). The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified var...
CVE-2014-4690
PfSense is vulnerable to CVE-2014-4690 (and related listed CVEs) due to multiple directory traversal flaws present in pfSense prior to version 2.1.4. Specifically, an attacker can read arbitrary .info files via a crafted path to pkg_mgr_install.php (pkg parameter) and read arbitrary files via the...
CVE-2014-4693
Multiple cross-site scripting XSS vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the eng parameter to snortimportaliases.php or 2 unspecified variables to snortselectalias.php...
CVE-2014-4687
Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the starttime0 parameter to firewallschedule.php, 2 the rssfeed parameter to rss.widget.php, 3 the servicestatusfilter parameter to...