7 matches found
CVE-2019-16667
diagcommand.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrfcallback produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing...
Adobe Commerce 输入验证错误漏洞
Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. An input validation error vulnerability exists in Adobe Commerce that stems from the presence of incorrect input validation, resulting in security features being bypassed. Affected products and...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization due to improper security checks during the authorization process. A low-privileged authenticated attacker can achieve minor information disclosure b...
XML Injection
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to XML Injection via the processing of specially crafted XML content. An attacker can read arbitrary files on the system by injecting malicious XML entities. Remediation Upgra...
pfSense < 2.4.4-p3 Multiple Vulnerabilities
According to its self-reported version number, the remote pfSense install is a version prior to 2.4.4-p3. It is, therefore, affected by multiple vulnerabilities, including the following: - In pfSense 2.4.41, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsiste...
pfSense cross-site scripting vulnerability (CNVD-2019-43357)
pfsense is an open source routing and firewall software , based on freebsd system customization and development . A cross-site scripting vulnerability exists in pfSense 2.4.4-p3 and earlier versions. The vulnerability stems from the unverified display of the username and delmac parameters in...
pfSense Operating System Command Injection Vulnerability
pfSense is a set of network firewalls based on FreeBSD Linux. An operating system command injection vulnerability exists in pfsense version 2.3.4 and 2.4.4-p3, which can be exploited by an attacker to execute operating system commands...