878 matches found
CVE-2014-4692
CVE-2014-4692 affects pfSense prior to 2.1.4. The vulnerability is that the session cookie Set-Cookie header is not marked HTTPOnly when using HTTP, enabling potential script access to the cookie and exposure of sensitive data. There is no explicit exploitation detail in the provided documents, a...
CVE-2014-4688
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via 1 the hostname value to diagdns.php in a Create Alias action, 2 the smartmonemail value to diagsmart.php, or 3 the database value to statusrrdgraphimg.php...
CVE-2014-4694
CVE-2014-4694 refers to multiple XSS vulnerabilities in the pfSense Suricata package, specifically in suricata_select_alias.php. The issue affects Suricata before 1.0.6 for pfSense up through version 2.1.4. The root cause is insufficient input sanitization on unspecified variables, enabling remot...
CVE-2014-4688
PfSense
pfSense 2.0.1 - XSS / CSRF / Remote Command Execution
No description provided by source...
pfSense 2.1 build 20130911-1816 - Directory Traversal
No description provided by source...
PFsense UTM Platform 2.0.1 XSS Vulnerability
No description provided by source. ???????????????????????????????????????????????????????????????????????????????? ? Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication ? Date: 04/01/2013 ? Author: Dimitris Strevinas ? Vendor or Software Link: www.pfsense.org ? Version: =...
pfSense Snort File Disclosure
File disclosure vulnerability in snortlogview.php Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
ESF pfSense webConfigurator firewall_aliases_edit.php Input Validation Error
An input validation error vulnerability exists in Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of user supplied input when processing the addressN parameter in firewallaliasesedit.php. A remote authenticated attacker could exploit this vulnerability...
ESF pfSense Snort snort_log_view.php Information Disclosure
An information disclosure vulnerability exists in the pfSense Snort service. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could use this vulnerability to retrieve valuable information from the server...
pfSense 2.1 build 20130911-1816目录遍历漏洞
No description provided by source. Proof of Concept 1 : Arbitrary File Inclusion ====================================================================== GET /snort/snortlogview.php?logfile=/etc/passwd HTTP/1.1 Host: firewall1.pentestlab1:1337 Connection: keep-alive Accept:...
pfSense 2.1 build 20130911-1816 - Directory Traversal
pfSense version 2.1 suffers from local file inclusion, privilege escalation, and directory traversal vulnerabilities. | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Exploit Title: pfSense 2.1 Privilege Escalation from less privileged users...
pfSense 2.1 build 20130911-1816 - Directory Traversal
pfSense 2.1 build 20130911-1816 - Directory Traversal | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Exploit Title: pfSense 2.1 Privilege Escalation from less privileged users LFI/RCE Date: 25/01/2014 0-day Exploit Author: @u0x Pichaya...
pfSense 2.1 build 20130911-1816 - Directory Traversal
| | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Exploit Title: pfSense 2.1 Privilege Escalation from less privileged users LFI/RCE Date: 25/01/2014 0-day Exploit Author: @u0x Pichaya Morimoto Software Link: www.pfsense.org Category: Local...
pfSense 2.1 Inclusion / Traversal / Escalation
| | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Exploit Title: pfSense 2.1 Privilege Escalation from less privileged users LFI/RCE Date: 25/01/2014 0-day Exploit Author: @u0x Pichaya Morimoto Software Link: www.pfsense.org Category: Local...
PT-2023-11526 · Suricata +3 · Suricata +3
Name of the Vulnerable Software and Affected Versions: Pfsense version 2.1.3 Pfsense Suricata version 1.4.6 pkg version 1.0.1 Description: A Directory Traversal issue allows a remote attacker to obtain sensitive information via the file parameter to the "suricata/suricata logs browser.php"...
PFsense UTM Platform 2.0.1 XSS / CSRF
┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ │ Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication │ Date: 04/01/2013 │ Author: Dimitris Strevinas │ Vendor or Software Link: www.pfsense.org │ Version: = 2.0.1 │ Category: Semi-Persistent X...
pfSense UTM Platform 2.0.1 - Cross-Site Scripting
pfSense UTM Platform 2.0.1 - Cross-Site Scripting ┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ │ Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication │ Date: 04/01/2013 │ Author: Dimitris Strevinas │ Vendor or Software Link: www.pfsense.or...
PFsense <= 2.0.1 XSS / CSRF Vulnerabilities
Exploit for freebsd platform in category web applications ┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ │ Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication │ Date: 04/01/2013 │ Author: Dimitris Strevinas │ Vendor or Software Link:...
pfSense UTM Platform 2.0.1 - Cross-Site Scripting
┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ │ Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication │ Date: 04/01/2013 │ Author: Dimitris Strevinas │ Vendor or Software Link: www.pfsense.org │ Version: = 2.0.1 │ Category: Semi-Persistent...