
CVE-2020-11457 – pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11457
01 Apr 2020 — pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user. pfSense version 2.4.4-P3 suffers from a User Manager persistent cross-site scripting vulnerability. • https://packetstorm.news/files/id/157104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-16914
https://notcve.org/view.php?id=CVE-2019-16914
26 Sep 2019 — An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. • https://github.com/pfsense/pfsense/commit/d31362b69d5d52dc196dc72f66e830cd1e6e9a4f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-16915
https://notcve.org/view.php?id=CVE-2019-16915
26 Sep 2019 — An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents. • https://github.com/pfsense/pfsense/commit/2c544ac61ce98f716d50b8e5961d7dfba66804b5 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-12585
https://notcve.org/view.php?id=CVE-2019-12585
03 Jun 2019 — Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php. • https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-12584
https://notcve.org/view.php?id=CVE-2019-12584
03 Jun 2019 — Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. • https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-11816
https://notcve.org/view.php?id=CVE-2019-11816
20 May 2019 — Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfSense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. • https://forum.opnsense.org/index.php?topic=12787.0

CVE-2018-16055
https://notcve.org/view.php?id=CVE-2018-16055
26 Sep 2018 — An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address ... • https://doddsecurity.com/190/command-injection-on-pfsense-firewalls • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2016-10709
https://notcve.org/view.php?id=CVE-2016-10709
22 Jan 2018 — pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. • https://github.com/wetw0rk/Exploit-Development • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2017-1000479
https://notcve.org/view.php?id=CVE-2017-1000479
03 Jan 2018 — pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions. • http://www.openwall.com/lists/oss-security/2017/11/22/7 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2015-6511
https://notcve.org/view.php?id=CVE-2015-6511
18 Aug 2015 — Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. • https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')