20 matches found
Pfsense CE Security Vulnerability
pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in Pfsense CE version 2.6.0 that originates from allowing an attacker to change any user's password without authentication...
pfSense 2.4.4-p3 Cross Site Request Forgery
Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Date: 2019-09-27 Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freebsd CVE : CVE-2019-16667 Vulnerability...
pfSense 2.4.4-p3 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freeb...
pfSense 2.4.4-p3 - Cross-Site Request Forgery
Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Date: 2019-09-27 Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freebsd CVE : CVE-2019-16667 Vulnerability...
pfSense cross-site scripting vulnerability (CNVD-2019-16508)
pfSense is a set of network firewalls based on FreeBSD Linux. A cross-site scripting vulnerability exists in version 2.4.4-p3 of pfSense, which stems from the lack of proper validation of client-side data by a WEB application. An attacker can exploit this vulnerability to execute client-side code...
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
pfSense 2.4.4-p3 ACME Package 0.5914 - Persistent Cross-Site Scripting Exploit Title: pfSense 2.4.4-p3 ACMEPackage 0.5.71 - Stored Cross-Site Scripting Date: 05.28.2019 Exploit Author: Chi Tran Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p3/0.5.71 Software Link: N/A Google Dork: N/A...
pfSense Access Restriction Bypass Vulnerability (CNVD-2019-08722)
pfSense is a set of network firewalls based on FreeBSD Linux. A security signature issue vulnerability exists in pfSense version 2.4.41. A remote attacker can exploit this vulnerability to bypass access restrictions...
CVE-2018-20798
The expiretable configuration in pfSense 2.4.41 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions...
pfSense Firewall Detection
Binary data 700074.prm...
pfSense Firewall <= 2.2.6 - Services CSRF
No description provided by source...
pfSense Firewall Cross-Site Request Forgery Vulnerability (CNVD-2016-02624)
pfSense is a free, open-source customized version of FreeBSD designed for use as a firewall and router. A cross-site request forgery vulnerability exists in pfSense. Due to insufficient script validation of HTTP requests, a remote attacker can spoof a logged-in administrator to access malicious w...
pfSense Firewall Cross-Site Request Forgery Vulnerability
pfSense is a free, open-source customized version of FreeBSD designed for use as a firewall and router. pfSense suffers from a cross-site request forgery vulnerability. diagbackup.php does not validate all functions sufficiently. Allows an attacker to upload malicious files...
pfSense Firewall 2.2.6 - Services Cross-Site Request Forgery
pfSense Firewall 2.2.6 - Services Cross-Site Request Forgery Exploit Title: pfSense Firewall Stop NTPD service: Restart NTPD service: POC: input type="submit" value...
pfSense Firewall 2.2.6 - Services Cross-Site Request Forgery
Exploit for php platform in category web applications Exploit Title: pfSense Firewall Stop NTPD service: Restart NTPD service: POC: input type="hidden" na...
pfSense Firewall 2.2.5 Cross Site Request Forgery
function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://192.168.0.103/diagbackup.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"; xhr.setRequestHeader"Accept-Language", "en-US,en;q=0.5";...
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery
function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://192.168.0.103/diagbackup.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"; xhr.setRequestHeader"Accept-Language", "en-US,en;q=0.5";...
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery
Exploit for php platform in category web applications function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://192.168.0.103/diagbackup.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://192.168.0.103/diagbackup.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...
Electric Sheep Fencing pfsense cross-site scripting vulnerability (CNVD-2015-05673)
Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A cross-site scripting vulnerability exists in Electric Sheep Fencing pfsense, which can be exploited by remote attackers to inject arbitrary Web script or HTML...
pfSense 2.1 Inclusion / Traversal / Escalation
| | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Exploit Title: pfSense 2.1 Privilege Escalation from less privileged users LFI/RCE Date: 25/01/2014 0-day Exploit Author: @u0x Pichaya Morimoto Software Link: www.pfsense.org Category: Local...