CVE-2014-4689
CVE-2014-4689 affects pfSense before version 2.1.4. The vulnerability is an absolute path traversal in the web interface’s pkg_edit.php, allowing remote attackers to read arbitrary XML files by supplying a full pathname in the xml parameter. The issue is rooted in improper validation of the input...