NotCVE - vendor:"Netgate" product:"Pfsense" version:"2.2.1"

Page 3 of 25 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6509

https://notcve.org/view.php?id=CVE-2015-6509

18 Aug 2015 — Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) proxyuser, or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) s... • https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6510

https://notcve.org/view.php?id=CVE-2015-6510

18 Aug 2015 — Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to inter... • https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6511

https://notcve.org/view.php?id=CVE-2015-6511

18 Aug 2015 — Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. Vulnerabilidad de XSS en pfSense en versiones anteriores a 2.2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro the server[] a services_ntpd.php. • https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 5%CPEs: 1EXPL: 2

CVE-2015-4029

https://notcve.org/view.php?id=CVE-2015-4029

18 Aug 2015 — Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php. Vulnerabilidad de XSS en el WebGUI en pfSense en versiones anteriores a 2.2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de zona en una acción del a services_captiveportal_zones.php. • http://seclists.org/fulldisclosure/2015/Jul/66 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 2%CPEs: 9EXPL: 0

CVE-2015-1414 – Debian Security Advisory 3175-2

https://notcve.org/view.php?id=CVE-2015-1414

26 Feb 2015 — Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. Desbordamiento de enteros en FreeBSD anterior a 8.4 p24, 9.x anterior a 9.3 p10. 10.0 anterior a p18, y 10.1 anterior a p6 permite a atacantes remotos causar una denegación de servicio (caída) a través de un paquete IGMP, lo que provoca un ... • http://www.debian.org/security/2015/dsa-3175 •

1 2 3