NotCVE - vendor:"Pfsense" product:"Pfsense" version:"1.2.2"

Page 3 of 38 results (0.008 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6510

https://notcve.org/view.php?id=CVE-2015-6510

18 Aug 2015 — Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to inter... • https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6509

https://notcve.org/view.php?id=CVE-2015-6509

18 Aug 2015 — Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) proxyuser, or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) s... • https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6508

https://notcve.org/view.php?id=CVE-2015-6508

18 Aug 2015 — Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php. Vulnerabilidad de XSS en pfSense en versiones anteriores a 2.2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro descr en una 'nueva' acción a system_authservers.php. • https://redmine.pfsense.org/issues/4698 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 58%CPEs: 1EXPL: 2

CVE-2015-4029

https://notcve.org/view.php?id=CVE-2015-4029

18 Aug 2015 — Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php. Vulnerabilidad de XSS en el WebGUI en pfSense en versiones anteriores a 2.2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de zona en una acción del a services_captiveportal_zones.php. • http://seclists.org/fulldisclosure/2015/Jul/66 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 67%CPEs: 1EXPL: 4

CVE-2015-2294 – pfSense 2.2 Cross Site Request Forgery / Cross Site Scripting

https://notcve.org/view.php?id=CVE-2015-2294

25 Mar 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries... • https://packetstorm.news/files/id/131022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 78%CPEs: 1EXPL: 4

CVE-2015-2295 – pfSense 2.2 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2015-2295

25 Mar 2015 — Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter. Vulnerabilidad de CSRF en system_firmware_restorefullbackup.php en la GUI web en pfSense anterior a 2.2.1 permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que eliminan ficheros arbitrarios a través de... • https://packetstorm.news/files/id/131022 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 3

CVE-2014-4688 – pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection

https://notcve.org/view.php?id=CVE-2014-4688

02 Jul 2014 — pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php. pfSense anterior a 2.1.4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través del valor (1) hostname en diag_dns.php en una acción Crear Alias, (2) smartmonemail en diag_smart.php, o (3) database en status_rrd_graph_img.php. pfSen... • https://packetstorm.news/files/id/145909 •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-4692

https://notcve.org/view.php?id=CVE-2014-4692

02 Jul 2014 — pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. pfSense anterior a 2.1.4, cuando HTTP está utilizado, no incluye la etiqueta HTTPOnly en una cabecera Set-Cookie para la cookie de la sesión, lo que facilita a atacantes remotos obtener información potencialmente sensible a través de acceso de secuencias de comandos a... • https://pfsense.org/security/advisories/pfSense-SA-14_12.webgui.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-4695

https://notcve.org/view.php?id=CVE-2014-4695

02 Jul 2014 — Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php. Múltiples vulnerabilidades de redirección abierta en el paquete Snort anterior a 3.0.13 para pfSense hasta 2.1.4 permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataqu... • https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-4691

https://notcve.org/view.php?id=CVE-2014-4691

02 Jul 2014 — Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie. Vulnerabilidad de fijación de sesión en pfSense anterior a 2.1.4 permite a atacantes remotos secuestrar sesiones web a través de una cookie de inicio de sesión firewall. • https://pfsense.org/security/advisories/pfSense-SA-14_12.webgui.asc •

1 2 3 4