49 matches found
CVE-2019-12347
CVE-2019-12347 affects pfSense 2.4.4-p3 via a stored XSS in the ACME package: attackers can inject payloads into the Name or Description fields of acme_accountkeys_edit.php due to input validation errors. The issue originates from improper validation in the ACME package’s account key editing work...
CVE-2019-16667
pfSense 2.4.4-p3 is affected by a Cross‑Site Request Forgery vulnerability in diag_command.php. The issue allows CSRF via the txtCommand or txtRecallBuffer fields, with evidence describing exploitation as OS commands being executed due to csrf_callback() returning a “CSRF token expired” error and...
CVE-2019-16915
pfSense up to 2.4.4-p3 is affected by a vulnerability in widgets/widgets/picture.widget.php where the widgetkey parameter is used directly (e.g., via basename) to construct a pathname for file_get_contents or file_put_contents without proper sanitization. This enables unrestricted access to local...
CVE-2019-16914
PfSense up to version 2.4.4-p3 contains an XSS vulnerability in services_captiveportal_mac.php where the username and delmac parameters are displayed without sanitization. This is documented across multiple sources (NVD, Red Hat, CNVD, OSV, etc.). Root cause: lack of input sanitization in the cap...
CVE-2023-27253
pfSense pfSense v2.7.0 is affected by CVE-2023-27253 through a command injection in restore_rrddata() that lets an authenticated user cause arbitrary OS commands by altering the contents of config.xml. Affected component is the restore_rrddata() function; the vulnerability is exploited via crafte...
CVE-2014-4688
PfSense
CVE-2022-24299
The CVE-2022-24299 issue affects pfSense CE (versions prior to 2.6.0) and pfSense Plus (prior to 22.01); it is an Improper Input Validation vulnerability that lets a privileged attacker who can modify OpenVPN client/server settings execute arbitrary commands. This is documented across multiple so...
CVE-2019-12585
CVE-2019-12585 affects apcupsd 0.3.91_5 (used in pfSense up to 2.4.4-RELEASE-p3) and other products. The issue is an Arbitrary Command Execution via apcupsd_status.php. Public sources (NVD/Red Hat OSV/Red Hat CVE pages) describe the vulnerability as a command-injection style flaw with network acc...
CVE-2022-26019
The CVE-2022-26019 issue affects pfSense CE/Plus: pfSense CE before 2.6.0 and pfSense Plus before 22.01. The root cause is improper access control that lets a remote attacker with privilege to modify NTP GPS settings rewrite files on the filesystem, potentially enabling arbitrary command executio...
CVE-2024-46538
PfSense 2.5.2 is affected by CVE-2024-46538: a stored XSS in interfaces_groups_edit.php arises from lack of filtering in the $pconfig variable, enabling injection of scripts. The vulnerability can lead to arbitrary command execution by leveraging diag_command.php, with PoCs available; exploitatio...
CVE-2015-2295
PfSense WebGUI (pfSense before 2.2.1) is affected by CVE-2015-2295 due to CSRF in system_firmware_restorefullbackup.php, enabling an attacker to hijack admin authentication and issue deletefile requests that can remove arbitrary files with root privileges. Several connected advisories corroborate...
CVE-2019-12949
CVE-2019-12949 affects pfSense 2.4.4-p2 and 2.4.4-p3. An authenticated admin can be lured into clicking a phishing-page button, triggering XSS via diag_command.php and rrd_fetch_json.php (timePeriod parameter) that uploads arbitrary executable code to the server. The attacker can then run command...
CVE-2019-16701
CVE-2019-16701 affects pfSense 2.3.4 through 2.4.4-p3. The issue is a Remote Code Injection via a methodCall XMLRPC payload containing shell metacharacters in a pfsense.exec_php parameter, allowing an authenticated user to execute OS commands. Red Hat, NVD, OSV, CNVD and related feeds corroborate...
CVE-2015-2294
pfSense before 2.2.1 is affected by multiple WebGUI XSS vulnerabilities (CVE-2015-2294) and a CSRF issue (CVE-2015-2295). The root cause is insufficient validation/sanitization of user-supplied input across many parameters (zone, if/dragtable, queue, id, and various filterlogentries_*; plus syste...
CVE-2023-48123
CVE-2023-48123 : An issue in Netgate pfSense Plus v.23.05.1 and earlier and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. The NVD and OSV entries describe it as a remote, unauthenticated code execution with network acce...
CVE-2020-21219
CVE-2020-21219 : Affected software is Netgate pfSense 2.4.4-Release-p3 with the Netgate ACME package 0.6.3. The vulnerability is a Cross Site Scripting (XSS) in the RootFolder field of the ACME package’s acme_certificate_edit.php, allowing remote attackers to run arbitrary code. The connected sou...
CVE-2020-11457
PfSense present a stored XSS (via the descr field) in the WebGUI’s User Manager addprivs flow. Affected product: pfSense prior to 2.4.5; root cause: lack of input validation in system_usermanager_addprivs.php allowing arbitrary script payloads to be stored as a user’s Full Name. Impact: potential...
CVE-2019-12584
CVE-2019-12584 and CVE-2019-12585 affect apcupsd 0.3.91_5 used in pfSense through 2.4.4-RELEASE-p3 and other products. CVE-12584 is an XSS in apcupsd_status.php; CVE-12585 is Arbitrary Command Execution in the same file. The connected documents confirm the issues but do not provide exploit detail...
CVE-2015-1414
CVE-2015-1414 is a known IGMP processing integer‑overflow vulnerability in FreeBSD and kfreebsd-9 prior to certain patch levels (8.4 p24, 9.x before 9.3 p10, 10.0 before p18, 10.1 before p6). A crafted IGMP packet can trigger incorrect size calculation and insufficient memory allocation, leading ...
CVE-2019-11816
CVE-2019-11816 affects the WebUI of OPNsense prior to 19.1.8 and pfSense prior to 2.4.4-p3. The root cause is incorrect access control, allowing remote authenticated users to escalate privileges to administrator via a specially crafted request. Affected products: OPNsense (WebUI) and pfSense (Web...
CVE-2017-1000479
pfSense
CVE-2022-29273
CVE-2022-29273 affects pfSense CE up to version 2.6.0 and pfSense Plus up to 22.04/22.05; it enables cross-site scripting in the WebGUI via URL Table Alias URL parameters. The available connected docs confirm the flaw and affected versions; there are no explicit exploit details. Remediation prese...
CVE-2015-6508
CVE-2015-6508 is an XSS vulnerability in pfSense prior to 2.2.3. It allows remote attackers to inject arbitrary script/HTML via the descr parameter in the new action of system_authservers.php. Multiple connected sources (NVD, Red Hat, CNVD, Nessus/PfSense advisories) corroborate this entry. Affec...
CVE-2020-19201
CVE-2020-19201 describes a stored XSS in pfSense WebGUI’s status_filter_reload.php affecting Netgate pfSense 2.4.4-p2 and earlier. The vulnerability arises because output from the filter reload process isn’t encoded, enabling an attacker to inject script via the descr parameter on NAT rules. Conn...
CVE-2023-42325
CVE-2023-42325 describes a Cross Site Scripting (XSS) flaw in Netgate pfSense v2.7.0 that can allow an authenticated admin to gain privileges via a crafted URL to status_logs_filter_dynamic.php. Public sources confirm affected versions include pfSense CE 2.7.0 and below, with patches released: pf...
CVE-2018-16055
pfSense before 2.4.4 is affected by an authenticated command injection in status_interfaces.php (dhcp_relinquish_lease()). User input from POST parameters ifdescr and ipv is passed to a shell without escaping, allowing an authenticated WebGUI user with privileges on the page to execute commands a...
CVE-2018-4020
PfSense CE 2.4.4-RELEASE is affected by three command-injection vulnerabilities in POST handlers of system_advanced_misc.php, via powerd_normal_mode, powerd_ac_mode, and powerd_battery_mode parameters. The root cause is improper sanitization of these POST values, allowing an authenticated attacke...
CVE-2014-4692
CVE-2014-4692 affects pfSense prior to 2.1.4. The vulnerability is that the session cookie Set-Cookie header is not marked HTTPOnly when using HTTP, enabling potential script access to the cookie and exposure of sensitive data. There is no explicit exploitation detail in the provided documents, a...
CVE-2023-42326
pfSense 2.7.0 contains a remote code execution flaw via crafted requests to interfaces_gif_edit.php and interfaces_gre_edit.php due to lack of input validation. The issue allows an authenticated attacker to execute arbitrary commands. PoCs/escalation tools exist (GitHub PoCs) and show command inj...
CVE-2015-6510
pfSense
CVE-2018-4019
Netgate pfSense CE 2.4.4-RELEASE is affected by three remote command-injection vulnerabilities in the POST handling of system_advanced_misc.php (powerd_normal_mode, powerd_ac_mode, powerd_battery_mode). An attacker must authenticate to the pfSense web admin interface to exploit these via crafted ...
CVE-2014-4691
CVE-2014-4691 affects pfSense before 2.1.4, where a session fixation vulnerability allows remote attackers to hijack web sessions via a firewall login cookie. The provided documents confirm the affected product version and the underlying issue (session fixation) but do not supply explicit remedia...
CVE-2015-4029
pfSense WebGUI CVE-2015-4029 is an XSS in the captive portal zones management page. The flaw arises in services_captiveportal_zones.php when the zone parameter is used during a del action, enabling remote attackers to inject script/HTML into a victim’s browser. Affected releases are pfSense prior...
CVE-2014-4695
The CVE-2014-4695 issue affects the Snort package prior to 3.0.13 used with pfSense up to version 2.1.4. The vulnerability is a set of open redirect flaws that allow remote attackers to redirect users to arbitrary sites and facilitate phishing via two parameters: referer in snort_rules_flowbits.p...
CVE-2018-4021
The CVE-2018-4021 entry concerns Netgate pfSense CE 2.4.4-RELEASE and describes a command injection vulnerability in the POST parameter powerd_battery_mode (and relatedly in powerd_normal_mode and powerd_ac_mode per TALOS). An attacker who can send authenticated POST requests to the pfSense web G...
CVE-2020-19203
pfSense WebGUI authenticated XSS (CVE-2020-19203) affects wake_on_lan_widget.php in 2.4.4-p2 and earlier. The widget fails to encode the descr field of wake-on-LAN entries, allowing stored XSS. Affected component: widgets/wake_on_lan_widget.php (pfSense WebGUI). Impact: potential script execution...
CVE-2014-4687
pfSense is affected by CVE-2014-4687: multiple XSS vulnerabilities in pfSense before 2.1.4. Exploitable via five vectors: (1) starttime0 parameter in firewall_schedule.php, (2) rssfeed parameter in rss.widget.php, (3) servicestatusfilter parameter in services_status.widget.php, (4) txtRecallBuffe...
CVE-2015-6509
pfSense exposes multiple reflected XSS vulnerabilities (CVE-2015-6509) in the web GUI prior to version 2.2.3. The flaws allow remote attackers to inject arbitrary web script/HTML through numerous parameters across system_advanced_misc.php, system_advanced_firewall.php, and system_advanced_notific...
CVE-2018-20798
pfSense 2.4.4_1 is affected by CVE-2018-20798 due to an expiretable configuration that creates block durations incompatible with sshguard, potentially allowing bypass of access restrictions. The issue is described in the NVD entry for the CVE and echoed by Nessus notes referencing pfSense 2.4.4-p...
CVE-2020-10797
CVE-2020-10797 affects pfSense before 2.4.5. A cross-site scripting (XSS) vulnerability exists in the hostname field of diag_ping.php; after inputs are passed to the command and the command executes, the $result variable is not sanitized before being printed. Public references corroborate the XSS...
CVE-2014-4689
CVE-2014-4689 affects pfSense before version 2.1.4. The vulnerability is an absolute path traversal in the web interface’s pkg_edit.php, allowing remote attackers to read arbitrary XML files by supplying a full pathname in the xml parameter. The issue is rooted in improper validation of the input...
CVE-2014-4690
PfSense is vulnerable to CVE-2014-4690 (and related listed CVEs) due to multiple directory traversal flaws present in pfSense prior to version 2.1.4. Specifically, an attacker can read arbitrary .info files via a crafted path to pkg_mgr_install.php (pkg parameter) and read arbitrary files via the...
CVE-2014-4694
CVE-2014-4694 refers to multiple XSS vulnerabilities in the pfSense Suricata package, specifically in suricata_select_alias.php. The issue affects Suricata before 1.0.6 for pfSense up through version 2.1.4. The root cause is insufficient input sanitization on unspecified variables, enabling remot...
CVE-2015-6511
The CVE-2015-6511 entry concerns pfSense prior to version 2.2.3, where a cross-site scripting (XSS) vulnerability exists in the web GUI. The underlying issue is a script injection via the server[] parameter to services_ntpd.php, enabling remote attackers to inject arbitrary web script or HTML. Pu...
CVE-2020-21487
pfSense 2.4.4 with ACME package 0.6.3 is affected by a Cross-Site Scripting (XSS) vulnerability that can allow an attacker to execute arbitrary code via the RootFolder field in acme_certificates.php. This vulnerability is described across multiple feeds as a XSS issue affecting Netgate pfSense 2....
CVE-2023-42327
CVE-2023-42327 is a Cross-Site Scripting (XSS) vulnerability in Netgate pfSense v2.7.0 that allows an attacker to gain privileges by delivering a crafted URL to getserviceproviders.php. The NVD entry lists CVSS v3.1 base score 5.4 (Network, Low attack complexity, Privileges required: Low, User in...
CVE-2018-20799
Summary: pfSense 2.4.4_1 is affected by CVE-2018-20799, where blocking decisions based on HTTPS authentication failures do not align with SSH authentication handling (per sshguard documentation). This inconsistency may enable bypassing access restrictions. The NVD CVSSv3 vector evaluates to HIGH ...
CVE-2014-4693
CVE-2014-4693 involves multiple XSS vulnerabilities in the pfSense Snort package prior to 3.0.13 (affecting pfSense versions up to 2.1.4). The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified var...
CVE-2014-4696
CVE-2014-4696 describes multiple open redirect vulnerabilities in the Suricata package for pfSense, affected versions up to 1.0.6 (pfSense through 2.1.4). The issue allows remote attackers to redirect users to arbitrary sites via two parameters: referer in suricata_rules_flowbits.php and returl i...