CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2011-4197
https://notcve.org/view.php?id=CVE-2011-4197
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key. etc/inc/certs.inc en la implementación de PKI pfSense antes de v2.0.1, crea cada certificado X.509 con un valor verdadero para la restricción básica de CA, lo que permite a atacantes remotos crear sub-certificados para temas de su elección aprovechando la clave privada. • http://archives.neohapsis.com/archives/bugtraq/2011-12/0152.html http://secunia.com/advisories/46780 http://www.osvdb.org/77982 http://www.securityfocus.com/bid/51169 https://exchange.xforce.ibmcloud.com/vulnerabilities/71969 https://github.com/bsdperimeter/pfsense/commit/1379d66f11aaf72982a70287b83e24efcd18898e https://github.com/bsdperimeter/pfsense/commit/87b4deb2b2dae9013e6aa0fe490d6a5a04a27894 https://www.trustmatta.com/advisories/MATTA-2011-001.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2010-4246 – pfSense 2 Beta 4 - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4246
Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en graph.php en pfSense v1.2.3 y v2 beta v4 permite a atacantes remotos ejecutar código web o HTML de su elección a través de los parámetros (1) ifnum o (2) ifname, una vulnerabilidad diferente a CVE-2008-1182. • https://www.exploit-db.com/exploits/34985 http://openwall.com/lists/oss-security/2010/11/22/18 http://openwall.com/lists/oss-security/2010/11/24/7 http://seclists.org/fulldisclosure/2010/Nov/43 http://secunia.com/advisories/42138 http://www.securityfocus.com/bid/44738 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 4CVE-2010-4412 – pfSense - 'interfaces.php?if' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4412
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en pfSense v2 beta 4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) el parámetro id en una acción olsrd.xml a pkg_edit.php, (2) el parámetro xml a pkg.php, o el parámetro if a (3) status_graph.php o (4) interfaces.php. Se trata de una vulnerabilidad diferente de CVE-2008-1182 y CVE-2010-4246. • https://www.exploit-db.com/exploits/35071 https://www.exploit-db.com/exploits/35069 https://www.exploit-db.com/exploits/35068 https://www.exploit-db.com/exploits/35070 http://openwall.com/lists/oss-security/2010/11/22/18 http://openwall.com/lists/oss-security/2010/11/24/7 http://openwall.com/lists/oss-security/2010/12/06/7 http://seclists.org/fulldisclosure/2010/Nov/43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2008-1182
https://notcve.org/view.php?id=CVE-2008-1182
Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en BSD Perimeter pfSense antes de 1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://blog.pfsense.org/?p=170 http://secunia.com/advisories/29126 http://www.securityfocus.com/bid/28072 https://exchange.xforce.ibmcloud.com/vulnerabilities/40967 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •