CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

Prion•added 2018/01/22 4:29 a.m.•14 views

Design/Logic Flaw

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the statusrrdgraphimg.php graph parameter, related to rrdgraphimg.php...

9CVSS7.6AI score0.81338EPSS

Exploits3References4Affected Software1

NVD•added 2018/01/22 4:29 a.m.•10 views

CVE-2016-10709

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the statusrrdgraphimg.php graph parameter, related to rrdgraphimg.php...

9CVSS8.7AI score0.81338EPSS

Exploits3References4

0day.today•added 2018/01/15 12:0 a.m.•33 views

pfSense < 2.1.4 - status_rrd_graph_img.php Command Injection Exploit

Exploit for php platform in category web applications !/usr/bin/env python3 Exploit Title: pfSense = 2.1.3 statusrrdgraphimg.php Command Injection. Date: 2018-01-12 Exploit Author: absolomb Vendor Homepage: https://www.pfsense.org/ Software Link: https://atxfiles.pfsense.org/mirror/downloads/old/...

6.5CVSS6.5AI score0.01751EPSS

Exploits5

Check Point Advisories•added 2016/05/30 12:0 a.m.•0 views

ESF pfSense status_rrd_graph_img.php Command Injection

A Command Injection vulnerability has been reported in ESF pfSense. This vulnerability is due to statusrrdgraphimg.php incorrectly validating the graph HTTP parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the statusrrdgraphimg.php URI...

2.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by