19 matches found

CVE
added 2026/02/20 10:13 p.m. | 9 views

CVE-2026-2035

The CVE-2026-2035 entry concerns Deciso OPNsense, specifically the diag_backup.php file. The flaw stems from insufficient validation of a user-supplied string before it is used in a system call, enabling a network-adjacent attacker to achieve remote code execution with root privileges. Exploitati...

6.8 CVSS | 7.3 AI score | 0.00191 EPSS
Exploits 0 | References 2
Cvelist
added 2026/02/20 10:13 p.m. | 20 views

CVE-2026-2035 Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability

Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...

6.8 CVSS | 0.00191 EPSS
Exploits 0 | References 2
NVD
added 2026/02/15 2:16 p.m. | 5 views

CVE-2019-25368

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...

5.4 CVSS | 0.00022 EPSS
Exploits 1 | References 4
Vulnrichment
added 2026/02/15 1:58 p.m. | 2 views

CVE-2019-25368 OPNsense 19.1 Reflected XSS via diag_backup.php

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...

5.4 CVSS | 5.6 AI score | 0.00022 EPSS
Exploits 1 | References 4
CNNVD
added 2026/02/15 12:0 a.m. | 3 views

Deciso OPNsense Cross-Site Scripting Vulnerability

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Deciso OPNsense version 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient parameter validation in the diag_backup.php endpoint,...

5.4 CVSS | 5.9 AI score | 0.00022 EPSS
Exploits 1 | References 4
OSV
added 2025/12/23 10:15 p.m. | 2 views

CVE-2025-13698

Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl...

4.5 CVSS | 6.5 AI score
Exploits 0 | References 2
CVE
added 2025/12/23 9:40 p.m. | 5 views

CVE-2025-13698

Deciso OPNsense diag_backup.php is affected by a directory traversal vulnerability in the backup handling path validation. Authenticated, network-adjacent attackers can create arbitrary files (in root context) by supplying a crafted path. The issue is tied to lack of proper validation in backup c...

4.5 CVSS | 4.7 AI score | 0.00321 EPSS
Exploits 0 | References 2
Cvelist
added 2025/12/23 9:40 p.m. | 22 views

CVE-2025-13698 Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability

Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl...

4.5 CVSS | 0.00321 EPSS
Exploits 0 | References 2
Vulnrichment
added 2025/12/23 9:40 p.m. | 2 views

CVE-2025-13698 Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability

Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl...

4.5 CVSS | 6.2 AI score | 0.00321 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-42758

Malicious code in bioql PyPI...

9.8 CVSS | 9.1 AI score | 0.05452 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/05/23 4:9 a.m. | 6 views

CVE-2023-39001

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

9.8 CVSS | 8.1 AI score | 0.05452 EPSS
Exploits 1
NVD
added 2023/08/09 7:15 p.m. | 12 views

CVE-2023-39001

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

9.8 CVSS | 9.8 AI score | 0.05452 EPSS
Exploits 1 | References 2
OSV
added 2023/08/09 7:15 p.m. | 16 views

CVE-2023-39001

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

9.8 CVSS | 8.3 AI score
Exploits 0 | References 2
ATTACKERKB
added 2023/08/09 7:15 p.m. | 0 views

CVE-2023-39001

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

9.8 CVSS | 7.7 AI score | 0.05452 EPSS
Exploits 1 | References 3
Cvelist
added 2023/08/09 12:0 a.m. | 13 views

CVE-2023-39001

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

10 AI score | 0.05452 EPSS
Exploits 1 | References 2
CNNVD
added 2023/08/09 12:0 a.m. | 2 views

Deciso OPNsense Command Injection Vulnerability

Deciso OPNsense is a FreeBSD-based open source firewall and routing software from Dutch company Deciso. A command injection vulnerability exists in OPNsense versions prior to 23.7, which stems from a command injection vulnerability in the component diag_backup.php. An attacker can exploit this...

9.8 CVSS | 8 AI score | 0.05452 EPSS
Exploits 1 | References 3
CVE
added 2023/08/09 12:0 a.m. | 45 views

CVE-2023-39001

CVE-2023-39001 describes a command-injection vulnerability in the OPNSense component diag_backup.php. It affects OPNSense Community Edition prior to 23.7 and OPNSense Business Edition prior to 23.4.2, allowing an attacker to execute arbitrary commands via a crafted backup configuration file. The ...

9.8 CVSS | 9.7 AI score | 0.05452 EPSS
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2023/08/09 12:0 a.m. | 16 views

CVE-2023-39001

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

8.1 AI score | 0.05452 EPSS
Exploits 1 | References 2
Exploit DB
added 2019/02/12 12:0 a.m. | 153 views

OPNsense < 19.1.1 - Cross-Site Scripting

Exploit Title: OPNsense 19.1 | Cross-Site Scripting Date: 01.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://opnsense.org Software Link: http://mirror.ams1.nl.leaseweb.net/opnsense/releases/19.1/OPNsense-19.1-OpenSSL-dvd-amd64.iso.bz2 Version: 19.1 Introduction OPNsense is an open...

7.4 AI score
Exploits 0