CVE-2020-10797
https://notcve.org/view.php?id=CVE-2020-10797
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed. Una vulnerabilidad de tipo XSS reside en el campo hostname de la página diag_ping.php en pfsense versiones anteriores a 2.4.5. Después de pasar las entradas al comando y ejecutar este comando, la variable $result no es saneada antes de ser impresa. • https://docs.netgate.com/pfsense/en/latest/releases/2-4-5-new-features-and-changes.html https://github.com/pfsense/pfsense/commit/cc3990a334059018b004c91eeb66c147d8afe83d https://redmine.pfsense.org/issues/10355 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-11457 – pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11457
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user. pfSense versiones anteriores a 2.4.5, presenta una vulnerabilidad de tipo XSS almacenado en el archivo system_usermanager_addprivs.php en la WebGUI por medio del parámetro descr (también se conoce como full name) de un usuario. pfSense version 2.4.4-P3 suffers from a User Manager persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/48300 http://packetstormsecurity.com/files/157104/pfSense-2.4.4-P3-User-Manager-Cross-Site-Scripting.html https://github.com/pfsense/pfsense/commit/3c1e53dabe966f27c9097a5a923e77f49ae5fffa https://www.netgate.com/assets/downloads/advisories/pfSense-SA-20_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-16914
https://notcve.org/view.php?id=CVE-2019-16914
An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. Se descubrió un problema de tipo XSS en pfSense versiones hasta 2.4.4-p3. En el archivo services_captiveportal_mac.php, los parámetros username y delmac se muestran sin saneamiento. • https://github.com/pfsense/pfsense/commit/d31362b69d5d52dc196dc72f66e830cd1e6e9a4f https://redmine.pfsense.org/issues/9609 https://www.seebug.org/vuldb/ssvid-98023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-16915
https://notcve.org/view.php?id=CVE-2019-16915
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents. Se descubrió un problema en pfSense versiones hasta 2.4.4-p3. El archivo widgets/widgets/picture.widget.php utiliza el parámetro widgetkey directamente sin saneamiento (por ejemplo, una llamada basename) para un nombre de ruta en file_get_contents o file_put_contents. • https://github.com/pfsense/pfsense/commit/2c544ac61ce98f716d50b8e5961d7dfba66804b5 https://redmine.pfsense.org/issues/9610 https://www.seebug.org/vuldb/ssvid-98024 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-16701 – Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
https://notcve.org/view.php?id=CVE-2019-16701
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. pfSense versiones de 2.3.4 hasta 2.4.4-p3, permite la inyección de código remota por medio de un documento XML de MethodCall con una llamada del archivo pfsense.exec_php que contiene metacaracteres de shell en un valor de parámetro. • https://www.exploit-db.com/exploits/47413 http://packetstormsecurity.com/files/154587/pfSense-2.3.4-2.4.4-p3-Remote-Code-Injection.html https://github.com/pfsense/pfsense/commits/master https://hackernews.blog/pfsense-2-3-4-2-4-4-p3-remote-code-injection/#more • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •