14 matches found
EUVD-2014-4614
Malware in sbrugna...
EUVD-2014-4612
Malware in sbrugna...
CVE-2025-34173
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...
CVE-2025-34173
Summary: CVE-2025-34173 affects pfSense CE Snort package (snort_ip_reputation.php). The iplist parameter is not sanitized against directory traversal when checking if a file exists, enabling an authenticated attacker (WebCfg - Snort) to determine whether files exist and enumerate files on the tar...
CVE-2025-34173 Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...
PT-2025-36940
Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The iplist parameter in /usr/local/www/snort/snort_ip_reputation.php is not properly sanitized to prevent directory traversal attempts. This allows an authenticated attacker with “WebCfg...
Open redirect
Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php...
CVE-2014-4695
Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php...
CVE-2014-4695
The CVE-2014-4695 issue affects the Snort package prior to 3.0.13 used with pfSense up to version 2.1.4. The vulnerability is a set of open redirect flaws that allow remote attackers to redirect users to arbitrary sites and facilitate phishing via two parameters: referer in snort_rules_flowbits.p...
CVE-2014-4693
CVE-2014-4693 involves multiple XSS vulnerabilities in the pfSense Snort package prior to 3.0.13 (affecting pfSense versions up to 2.1.4). The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified var...
Fedora 10 : snort-2.8.5.1-1.fc10 (2009-10751)
Update to 2.8.5.1, which includes a fix for CVE-2009-3641: DoS crash while printing specially crafted IPv6 packet using the -v option. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...
Debian: Security Advisory (DSA-297)
The remote host is missing an update for the Debian...