Lucene search
K

878 matches found

Prion
Prion
added 2014/07/02 10:35 a.m.18 views

Path traversal

Absolute path traversal vulnerability in pkgedit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter...

5CVSS7.1AI score0.02811EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2014/07/02 10:35 a.m.16 views

Directory traversal

Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow 1 remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkgmgrinstall.php and allow 2 remote authenticated users to read arbitrary files via the downloadbackup parameter to...

5CVSS6.9AI score0.03501EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2014/07/02 10:35 a.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the starttime0 parameter to firewallschedule.php, 2 the rssfeed parameter to rss.widget.php, 3 the servicestatusfilter parameter to...

4.3CVSS6.1AI score0.01661EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2014/07/02 10:35 a.m.20 views

Session fixation

Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie...

6.8CVSS7.1AI score0.02562EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/07/02 10:0 a.m.16 views

CVE-2014-4694

Multiple cross-site scripting XSS vulnerabilities in suricataselectalias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables...

5.9AI score0.01661EPSS
Exploits0References1
CVE
CVE
added 2014/07/02 10:0 a.m.51 views

CVE-2014-4687

pfSense is affected by CVE-2014-4687: multiple XSS vulnerabilities in pfSense before 2.1.4. Exploitable via five vectors: (1) starttime0 parameter in firewall_schedule.php, (2) rssfeed parameter in rss.widget.php, (3) servicestatusfilter parameter in services_status.widget.php, (4) txtRecallBuffe...

4.3CVSS5.9AI score0.01661EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/07/02 10:0 a.m.42 views

CVE-2014-4696

CVE-2014-4696 describes multiple open redirect vulnerabilities in the Suricata package for pfSense, affected versions up to 1.0.6 (pfSense through 2.1.4). The issue allows remote attackers to redirect users to arbitrary sites via two parameters: referer in suricata_rules_flowbits.php and returl i...

5.8CVSS7.1AI score0.02067EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2014/07/02 10:0 a.m.56 views

CVE-2014-4691

CVE-2014-4691 affects pfSense before 2.1.4, where a session fixation vulnerability allows remote attackers to hijack web sessions via a firewall login cookie. The provided documents confirm the affected product version and the underlying issue (session fixation) but do not supply explicit remedia...

6.8CVSS6.8AI score0.02562EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/07/02 10:0 a.m.16 views

CVE-2014-4696

Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via 1 the referer parameter to suricatarulesflowbits.php or 2 the returl parameter to...

6.9AI score0.02067EPSS
Exploits0References1
CVE
CVE
added 2014/07/02 10:0 a.m.54 views

CVE-2014-4695

The CVE-2014-4695 issue affects the Snort package prior to 3.0.13 used with pfSense up to version 2.1.4. The vulnerability is a set of open redirect flaws that allow remote attackers to redirect users to arbitrary sites and facilitate phishing via two parameters: referer in snort_rules_flowbits.p...

5.8CVSS7.1AI score0.02067EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2014/07/02 10:0 a.m.19 views

CVE-2014-4695

Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via 1 the referer parameter to snortrulesflowbits.php or 2 the returl parameter to snortselectalias.php...

6.9AI score0.02067EPSS
Exploits0References1
CVE
CVE
added 2014/07/02 10:0 a.m.48 views

CVE-2014-4689

CVE-2014-4689 affects pfSense before version 2.1.4. The vulnerability is an absolute path traversal in the web interface’s pkg_edit.php, allowing remote attackers to read arbitrary XML files by supplying a full pathname in the xml parameter. The issue is rooted in improper validation of the input...

5CVSS6.8AI score0.02811EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/07/02 10:0 a.m.23 views

CVE-2014-4692

pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

6AI score0.02109EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/07/02 10:0 a.m.19 views

CVE-2014-4690

Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow 1 remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkgmgrinstall.php and allow 2 remote authenticated users to read arbitrary files via the downloadbackup parameter to...

6.4AI score0.03501EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/07/02 10:0 a.m.23 views

CVE-2014-4689

Absolute path traversal vulnerability in pkgedit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter...

6.6AI score0.02811EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/07/02 10:0 a.m.23 views

CVE-2014-4691

Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie...

6.5AI score0.02562EPSS
Exploits0References1
CVE
CVE
added 2014/07/02 10:0 a.m.42 views

CVE-2014-4693

CVE-2014-4693 involves multiple XSS vulnerabilities in the pfSense Snort package prior to 3.0.13 (affecting pfSense versions up to 2.1.4). The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified var...

4.3CVSS6AI score0.01661EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2014/07/02 10:0 a.m.48 views

CVE-2014-4690

PfSense is vulnerable to CVE-2014-4690 (and related listed CVEs) due to multiple directory traversal flaws present in pfSense prior to version 2.1.4. Specifically, an attacker can read arbitrary .info files via a crafted path to pkg_mgr_install.php (pkg parameter) and read arbitrary files via the...

5CVSS6.6AI score0.03501EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/07/02 10:0 a.m.22 views

CVE-2014-4693

Multiple cross-site scripting XSS vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the eng parameter to snortimportaliases.php or 2 unspecified variables to snortselectalias.php...

5.9AI score0.01661EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/07/02 10:0 a.m.25 views

CVE-2014-4687

Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the starttime0 parameter to firewallschedule.php, 2 the rssfeed parameter to rss.widget.php, 3 the servicestatusfilter parameter to...

5.7AI score0.01661EPSS
Exploits0References1
Rows per page
Query Builder