Lucene search
+L

11 matches found

cve
cve
added 2019/09/26 5:38 p.m.139 views

CVE-2019-16915

pfSense up to 2.4.4-p3 is affected by a vulnerability in widgets/widgets/picture.widget.php where the widgetkey parameter is used directly (e.g., via basename) to construct a pathname for file_get_contents or file_put_contents without proper sanitization. This enables unrestricted access to local...

9.8CVSS9.3AI score0.0374EPSS
cve
cve
added 2019/09/26 5:38 p.m.115 views

CVE-2019-16914

PfSense up to version 2.4.4-p3 contains an XSS vulnerability in services_captiveportal_mac.php where the username and delmac parameters are displayed without sanitization. This is documented across multiple sources (NVD, Red Hat, CNVD, OSV, etc.). Root cause: lack of input sanitization in the cap...

6.1CVSS5.9AI score0.02004EPSS
cve
cve
added 2022/03/31 7:21 a.m.99 views

CVE-2022-24299

The CVE-2022-24299 issue affects pfSense CE (versions prior to 2.6.0) and pfSense Plus (prior to 22.01); it is an Improper Input Validation vulnerability that lets a privileged attacker who can modify OpenVPN client/server settings execute arbitrary commands. This is documented across multiple so...

8.8CVSS8.7AI score0.01857EPSS
cve
cve
added 2019/06/03 2:28 a.m.95 views

CVE-2019-12585

CVE-2019-12585 affects apcupsd 0.3.91_5 (used in pfSense up to 2.4.4-RELEASE-p3) and other products. The issue is an Arbitrary Command Execution via apcupsd_status.php. Public sources (NVD/Red Hat OSV/Red Hat CVE pages) describe the vulnerability as a command-injection style flaw with network acc...

9.8CVSS9.6AI score0.0503EPSS
cve
cve
added 2022/03/31 7:21 a.m.93 views

CVE-2022-26019

The CVE-2022-26019 issue affects pfSense CE/Plus: pfSense CE before 2.6.0 and pfSense Plus before 22.01. The root cause is improper access control that lets a remote attacker with privilege to modify NTP GPS settings rewrite files on the filesystem, potentially enabling arbitrary command executio...

8.8CVSS8.8AI score0.04229EPSS
cve
cve
added 2019/06/03 2:27 a.m.74 views

CVE-2019-12584

CVE-2019-12584 and CVE-2019-12585 affect apcupsd 0.3.91_5 used in pfSense through 2.4.4-RELEASE-p3 and other products. CVE-12584 is an XSS in apcupsd_status.php; CVE-12585 is Arbitrary Command Execution in the same file. The connected documents confirm the issues but do not provide exploit detail...

6.1CVSS6.2AI score0.02558EPSS
cve
cve
added 2020/04/01 3:47 p.m.74 views

CVE-2020-11457

PfSense present a stored XSS (via the descr field) in the WebGUI’s User Manager addprivs flow. Affected product: pfSense prior to 2.4.5; root cause: lack of input validation in system_usermanager_addprivs.php allowing arbitrary script payloads to be stored as a user’s Full Name. Impact: potential...

5.4CVSS5.2AI score0.09282EPSS
cve
cve
added 2023/02/22 12:0 a.m.72 views

CVE-2022-29273

CVE-2022-29273 affects pfSense CE up to version 2.6.0 and pfSense Plus up to 22.04/22.05; it enables cross-site scripting in the WebGUI via URL Table Alias URL parameters. The available connected docs confirm the flaw and affected versions; there are no explicit exploit details. Remediation prese...

6.1CVSS6AI score0.59562EPSS
cve
cve
added 2018/09/26 10:0 p.m.64 views

CVE-2018-16055

pfSense before 2.4.4 is affected by an authenticated command injection in status_interfaces.php (dhcp_relinquish_lease()). User input from POST parameters ifdescr and ipv is passed to a shell without escaping, allowing an authenticated WebGUI user with privileges on the page to execute commands a...

9CVSS6.5AI score0.11191EPSS
cve
cve
added 2021/07/12 3:39 p.m.52 views

CVE-2020-19203

pfSense WebGUI authenticated XSS (CVE-2020-19203) affects wake_on_lan_widget.php in 2.4.4-p2 and earlier. The widget fails to encode the descr field of wake-on-LAN entries, allowing stored XSS. Affected component: widgets/wake_on_lan_widget.php (pfSense WebGUI). Impact: potential script execution...

5.4CVSS5.1AI score0.0105EPSS
cve
cve
added 2020/04/29 1:29 p.m.50 views

CVE-2020-10797

CVE-2020-10797 affects pfSense before 2.4.5. A cross-site scripting (XSS) vulnerability exists in the hostname field of diag_ping.php; after inputs are passed to the command and the command executes, the $result variable is not sanitized before being printed. Public references corroborate the XSS...

6.1CVSS6.1AI score0.02333EPSS