6 matches found
EUVD-2019-8384
Malware in sbrugna...
pfSense freeradius3 package cross-site scripting vulnerability
pfSense is a network firewall based on FreeBSD Linux. The freeradius3 package is a Remote User Dial-In Authentication Service (RADIUS) package used in it. A cross-site scripting vulnerability exists in the /usr/local/www/freeradiusviewconfig.php file in versions of the pfSense freeradius3 package prior to...
CVE-2019-18667
/usr/local/www/freeradiusviewconfig.php in the freeradius3 package before 0.15.73 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary JavaScript code on a victim browser...
Default credentials
/usr/local/www/freeradiusviewconfig.php in the freeradius3 package before 0.15.73 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary JavaScript code on a victim browser...
CVE-2019-18667
/usr/local/www/freeradiusviewconfig.php in the freeradius3 package before 0.15.73 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary JavaScript code on a victim browser...
freeradius3 -- insufficient validation on packets
Jouni Malinen reports: The EAP-PWD module performed insufficient validation on packets received from an EAP peer. This module is not enabled in the default configuration. Administrators must manually enable it for their server to be vulnerable. Only versions 3.0 up to 3.0.8 are affected...