3 matches found
Design/Logic Flaw
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page, resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not...
pfSense 2.4.1 - Cross-Site Request Forgery Error Page Clickjacking (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module exploits a Clickjacking vulnerability in pfSense 'Yorick...
Clickjacking Vulnerability In CSRF Error Page pfSense
This module exploits a Clickjacking vulnerability in pfSense 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module exploits a Clickjacking vulnerability in pfSense 'Yorick Koster', 'Payload'...