CVE-2021-41282 – pfSense 2.5.2 Shell Upload
https://notcve.org/view.php?id=CVE-2021-41282
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. El archivo diag_routes.php en pfSense versión 2.5.2, permite una inyección de datos sed. • http://packetstormsecurity.com/files/166208/pfSense-2.5.2-Shell-Upload.html https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html https://www.shielder.it/advisories https://www.shielder.it/advisories/pfsense-remote-command-execution • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2022-23993
https://notcve.org/view.php?id=CVE-2022-23993
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. /usr/local/www/pkg.php en pfSense CE antes de 2.6.0 y pfSense Plus antes de 22.01 utiliza $_REQUEST['pkg_filter'] en una llamada de eco de PHP, lo que provoca XSS • https://docs.netgate.com/downloads/pfSense-SA-22_04.webgui.asc https://github.com/pfsense/pfsense/commit/5d82cce0d615a76b738798577a28a15803e59aeb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-19201
https://notcve.org/view.php?id=CVE-2020-19201
A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules. Se ha encontrado una vulnerabilidad de Cross-Site Scripting (XSS) almacenada en status_filter_reload.php, una página de la WebGUI del software pfSense, en la versión 2.4.4-p2 de Netgate pfSense y anteriores. La página no codificaba la salida del proceso de recarga del filtro, y era posible un XSS almacenado a través del parámetro descr (descripción) en las reglas NAT • https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html https://gist.github.com/dharmeshbaskaran/fd3779006361d07651a883e8a040d916 https://www.pfsense.org/download • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-19203
https://notcve.org/view.php?id=CVE-2020-19203
An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a possible stored XSS. Se ha encontrado una vulnerabilidad de Cross-Site Scripting (XSS) autentificada en widgets/widgets/wake_on_lan_widget.php, un componente de la WebGUI del software pfSense, en la versión 2.4.4-p2 y anteriores. El widget no codificaba el parámetro descr (descripción) de las entradas de wake-on-LAN en su salida, lo que conducía a un posible XSS almacenado • https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html https://gist.github.com/dharmeshbaskaran/55d546496bfb0ba28117e846d8b785db https://www.netgate.com/assets/downloads/advisories/pfSense-SA-19_04.webgui.asc https://www.pfsense.org/download • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-26693
https://notcve.org/view.php?id=CVE-2020-26693
A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function. Se ha detectado una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en pfSense versión 2.4.5-p1, que permite a un atacante autentificado ejecutar scripts web arbitrarios por medio de la explotación de la función load_balancer_monitor.php • https://github.com/pfsense/pfsense/commit/a220a22a8c05c10a7b875ac6b565f2c4fe7b251c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •