Netgate

Pfsense

53 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2018-4021

Exploit
  • EPSS 86.45%
  • Published 03.12.2018 22:29:00
  • Last modified 21.11.2024 04:06:31

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An ...

7.2

CVE-2018-4020

Exploit
  • EPSS 85.97%
  • Published 03.12.2018 22:29:00
  • Last modified 21.11.2024 04:06:31

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An ...

7.2

CVE-2018-4019

Exploit
  • EPSS 85.97%
  • Published 03.12.2018 22:29:00
  • Last modified 21.11.2024 04:06:31

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An ...

9

CVE-2018-16055

  • EPSS 13.5%
  • Published 26.09.2018 22:29:00
  • Last modified 21.11.2024 03:52:00

An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents...

8.8

CVE-2017-1000479

Exploit
  • EPSS 18.99%
  • Published 03.01.2018 18:29:00
  • Last modified 21.11.2024 03:04:49

pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-REL...

4.3

CVE-2015-6511

  • EPSS 0.09%
  • Published 18.08.2015 15:59:10
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php.

4.3

CVE-2015-6510

  • EPSS 0.09%
  • Published 18.08.2015 15:59:09
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (...

4.3

CVE-2015-6509

  • EPSS 0.09%
  • Published 18.08.2015 15:59:08
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstat...

4.3

CVE-2015-6508

  • EPSS 1.3%
  • Published 18.08.2015 15:59:07
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.

4.3

CVE-2015-4029

Exploit
  • EPSS 1.3%
  • Published 18.08.2015 15:59:00
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php.