4 matches found

Prion
added 2018/01/03 6:29 p.m. | 13 views

Design/Logic Flaw

pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not...

CVSS 6.8 | AI score 8.6 | EPSS 0.32767
Exploits 2 | References 6 | Affected Software 2
Cvelist
added 2018/01/03 6:0 p.m. | 26 views

CVE-2017-1000479

pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not...

AI score 8.7 | EPSS 0.32767
Exploits 2 | References 6
Exploit DB
added 2017/12/14 12:0 a.m. | 34 views

pfSense 2.4.1 - Cross-Site Request Forgery Error Page Clickjacking (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module exploits a Clickjacking vulnerability in pfSense 'Yorick...

AI score 7.4
Exploits 0
Metasploit
added 2017/11/22 10:6 a.m. | 47 views

Clickjacking Vulnerability In CSRF Error Page pfSense

This module exploits a Clickjacking vulnerability in pfSense 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module exploits a Clickjacking vulnerability in pfSense 'Yorick Koster', 'Payload'...

CVSS 8.8 | AI score 7.7 | EPSS 0.32767
Exploits 2