11 matches found
CVE-2019-16915
pfSense up to 2.4.4-p3 is affected by a vulnerability in widgets/widgets/picture.widget.php where the widgetkey parameter is used directly (e.g., via basename) to construct a pathname for file_get_contents or file_put_contents without proper sanitization. This enables unrestricted access to local...
CVE-2019-16914
PfSense up to version 2.4.4-p3 contains an XSS vulnerability in services_captiveportal_mac.php where the username and delmac parameters are displayed without sanitization. This is documented across multiple sources (NVD, Red Hat, CNVD, OSV, etc.). Root cause: lack of input sanitization in the cap...
CVE-2022-24299
The CVE-2022-24299 issue affects pfSense CE (versions prior to 2.6.0) and pfSense Plus (prior to 22.01); it is an Improper Input Validation vulnerability that lets a privileged attacker who can modify OpenVPN client/server settings execute arbitrary commands. This is documented across multiple so...
CVE-2019-12585
CVE-2019-12585 affects apcupsd 0.3.91_5 (used in pfSense up to 2.4.4-RELEASE-p3) and other products. The issue is an Arbitrary Command Execution via apcupsd_status.php. Public sources (NVD/Red Hat OSV/Red Hat CVE pages) describe the vulnerability as a command-injection style flaw with network acc...
CVE-2022-26019
The CVE-2022-26019 issue affects pfSense CE/Plus: pfSense CE before 2.6.0 and pfSense Plus before 22.01. The root cause is improper access control that lets a remote attacker with privilege to modify NTP GPS settings rewrite files on the filesystem, potentially enabling arbitrary command executio...
CVE-2019-12584
CVE-2019-12584 and CVE-2019-12585 affect apcupsd 0.3.91_5 used in pfSense through 2.4.4-RELEASE-p3 and other products. CVE-12584 is an XSS in apcupsd_status.php; CVE-12585 is Arbitrary Command Execution in the same file. The connected documents confirm the issues but do not provide exploit detail...
CVE-2020-11457
PfSense present a stored XSS (via the descr field) in the WebGUI’s User Manager addprivs flow. Affected product: pfSense prior to 2.4.5; root cause: lack of input validation in system_usermanager_addprivs.php allowing arbitrary script payloads to be stored as a user’s Full Name. Impact: potential...
CVE-2022-29273
CVE-2022-29273 affects pfSense CE up to version 2.6.0 and pfSense Plus up to 22.04/22.05; it enables cross-site scripting in the WebGUI via URL Table Alias URL parameters. The available connected docs confirm the flaw and affected versions; there are no explicit exploit details. Remediation prese...
CVE-2018-16055
pfSense before 2.4.4 is affected by an authenticated command injection in status_interfaces.php (dhcp_relinquish_lease()). User input from POST parameters ifdescr and ipv is passed to a shell without escaping, allowing an authenticated WebGUI user with privileges on the page to execute commands a...
CVE-2020-19203
pfSense WebGUI authenticated XSS (CVE-2020-19203) affects wake_on_lan_widget.php in 2.4.4-p2 and earlier. The widget fails to encode the descr field of wake-on-LAN entries, allowing stored XSS. Affected component: widgets/wake_on_lan_widget.php (pfSense WebGUI). Impact: potential script execution...
CVE-2020-10797
CVE-2020-10797 affects pfSense before 2.4.5. A cross-site scripting (XSS) vulnerability exists in the hostname field of diag_ping.php; after inputs are passed to the command and the command executes, the $result variable is not sanitized before being printed. Public references corroborate the XSS...