7 matches found
pfSense 2.1.3 status_rrd_graph_img.php Command Injection
!/usr/bin/env python3 Exploit Title: pfSense = 2.1.3 statusrrdgraphimg.php Command Injection. Date: 2018-01-12 Exploit Author: absolomb Vendor Homepage: https://www.pfsense.org/ Software Link: https://atxfiles.pfsense.org/mirror/downloads/old/ Version: =2.1.3 Tested on: FreeBSD 8.3-RELEASE-p16 CV...
pfSense < 2.1.4 - status_rrd_graph_img.php Command Injection Exploit
Exploit for php platform in category web applications !/usr/bin/env python3 Exploit Title: pfSense = 2.1.3 statusrrdgraphimg.php Command Injection. Date: 2018-01-12 Exploit Author: absolomb Vendor Homepage: https://www.pfsense.org/ Software Link: https://atxfiles.pfsense.org/mirror/downloads/old/...
pfSense 2.1.4 - status_rrd_graph_img.php Command Injection
pfSense 2.1.4 - statusrrdgraphimg.php Command Injection !/usr/bin/env python3 Exploit Title: pfSense = 2.1.3 statusrrdgraphimg.php Command Injection. Date: 2018-01-12 Exploit Author: absolomb Vendor Homepage: https://www.pfsense.org/ Software Link: https://atxfiles.pfsense.org/mirror/downloads/ol...
pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection
!/usr/bin/env python3 Exploit Title: pfSense = 2.1.3 statusrrdgraphimg.php Command Injection. Date: 2018-01-12 Exploit Author: absolomb Vendor Homepage: https://www.pfsense.org/ Software Link: https://atxfiles.pfsense.org/mirror/downloads/old/ Version: =2.1.3 Tested on: FreeBSD 8.3-RELEASE-p16 CV...
PfSense命令注入漏洞
漏洞简介 该漏洞的编号为CVE-2014-4688,存在于PfSense的2.1.3以及更低版本中。该漏洞源于php程序中没有对用户的输入值进行严格的校验,导致用户恶意输入达到命令执行函数时会产生严重后果。其中,diagdns.php, diagsmart.php, statusrrdgraphimg.php三个脚本文件受到该漏洞的影响。 漏洞分析 在diagdns.php中,用户提交的host值经过处理后将传到dig变量中执行。攻击者通过构造host值执行任意命令。...
PfSense command injection vulnerability analysis-vulnerability warning-the black bar safety net
In this article, we will introduce in PfSense 2. 1. 3 and the lower version in the CVE-2 0 1 4-4 6 8 8 vulnerability; the higher the version, pfSense has fixed this vulnerability. 0x01 Diagdns. php script command injection vulnerability Shown below is the script diagdns. in php there is a command...
CVE-2014-4688
PfSense