Page 2 of 65 results (0.004 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. Un problema descubierto en Pfsense CE versión 2.6.0 permite a los atacantes comprometer cuentas de usuario mediante requisitos de contraseña débiles. • https://www.esecforte.com/cve-2023-29974-weak-password-policy • CWE-521: Weak Password Requirements •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. Pfsense CE versión 2.6.0 es vulnerable a No rate limit, lo que puede llevar a que un atacante cree múltiples usuarios maliciosos en el firewall. • https://www.esecforte.com/cve-2023-29973-no-rate-limit • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. • http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3 https://pastebin.com/8dj59053 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php. • https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8 https://redmine.pfsense.org/issues/9888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. pfsenseCE version 2.6.0 suffers from an anti-brute force protection bypass vulnerability. • https://www.exploit-db.com/exploits/51352 https://github.com/DarokNET/CVE-2023-27100 https://github.com/fabdotnet/CVE-2023-27100 http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc https://redmine.pfsense.org/issues/13574 • CWE-307: Improper Restriction of Excessive Authentication Attempts •