CVE-2020-19678
https://notcve.org/view.php?id=CVE-2020-19678
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. • http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3 https://pastebin.com/8dj59053 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-4694
https://notcve.org/view.php?id=CVE-2014-4694
Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables. Múltiples vulnerabilidades de XSS en suricata_select_alias.php en el paquete Suricata anterior a 1.0.6 para pfSense hasta 2.1.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de variables no especificadas. • https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-4696
https://notcve.org/view.php?id=CVE-2014-4696
Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php. Múltiples vulnerabilidades de redirección abierta en el paquete Suricata anterior a 1.0.6 para pfSense hasta 2.1.4 permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través del parámetro (1) referer en suricata_rules_flowbits.php o (2) returl en suricata_select_alias.php. • https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc •