CVE-2017-1000479
https://notcve.org/view.php?id=CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions. pfSense, en sus versiones 2.4.1 y anteriores, es vulnerable a ataques de secuestro de clics en la página de error CSRF. Esto resulta en la ejecución con privilegios de código arbitrario. • http://www.openwall.com/lists/oss-security/2017/11/22/7 https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes https://github.com/opnsense/core/commit/d218b225 https://github.com/pfsense/pfsense/commit/386d89b07 https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html https://securify.nl/en/advisory/SFY20171101/clickjacking-vuln • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-6508
https://notcve.org/view.php?id=CVE-2015-6508
Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php. Vulnerabilidad de XSS en pfSense en versiones anteriores a 2.2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro descr en una 'nueva' acción a system_authservers.php. • https://redmine.pfsense.org/issues/4698 https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-6509
https://notcve.org/view.php?id=CVE-2015-6509
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) proxyuser, or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) smtpipaddress, (15) smtpport, (16) smtpfromaddress, (17) smtpnotifyemailaddress, (18) smtpusername, or (19) smtppassword parameter to system_advanced_notifications.php. Vulnerabilidad de XSS múltiple en pfSense en versiones anteriores a 2.2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro proxypass a system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries o (6) del parámetro aliasesresolveinterval a system_advanced_firewall.php; (7) proxyurl, (8) proxyuser o (9) del parámetro proxyport a system_advanced_misc.php; o (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) smtpipaddress, (15) smtpport, (16) smtpfromaddress, (17) smtpnotifyemailaddress, (18) smtpusername o (19) del parámetro smtppassword a system_advanced_notifications.php. • https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-4029
https://notcve.org/view.php?id=CVE-2015-4029
Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php. Vulnerabilidad de XSS en el WebGUI en pfSense en versiones anteriores a 2.2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de zona en una acción del a services_captiveportal_zones.php. • http://seclists.org/fulldisclosure/2015/Jul/66 https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-6510
https://notcve.org/view.php?id=CVE-2015-6510
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to interfaces_ppps_edit.php; the (13) member[] parameter to interfaces_qinq_edit.php; the (14) port or (15) retry parameter to load_balancer_pool_edit.php; the (16) pkgrepourl parameter to pkg_mgr_settings.php; the (17) zone parameter to services_captiveportal.php; the port parameter to (18) services_dnsmasq.php or (19) services_unbound.php; the (20) cache_max_ttl or (21) cache_min_ttl parameter to services_unbound_advanced.php; the (22) sshport parameter to system_advanced_admin.php; the (23) id, (24) tunable, (25) descr, or (26) value parameter to system_advanced_sysctl.php; the (27) firmwareurl, (28) repositoryurl, or (29) branch parameter to system_firmware_settings.php; the (30) pfsyncpeerip, (31) synchronizetoip, (32) username, or (33) passwordfld parameter to system_hasync.php; the (34) maxmss parameter to vpn_ipsec_settings.php; the (35) ntp_server1, (36) ntp_server2, (37) wins_server1, or (38) wins_server2 parameter to vpn_openvpn_csc.php; or unspecified parameters to (39) load_balancer_relay_action.php, (40) load_balancer_relay_action_edit.php, (41) load_balancer_relay_protocol.php, or (42) load_balancer_relay_protocol_edit.php. Vulnerabilidad de XSS múltiple en pfSense en versiones anteriores a 2.2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) srctrack, (2) use_mfs_tmp_size o (3) use_mfs_var_size a system_advanced_misc.php; del parámetro (4) port, (5) snaplen o (6) count a diag_packet_capture.php; del parámetro (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey o (10) wpa_gmk_rekey a interfaces.php; del parámetro (11) pppoe_resethour o (12) pppoe_resetminute a interfaces_ppps_edit.php; del parámetro (13) member[] a interfaces_qinq_edit.php; del parámetro (14) port o (15) retry a load_balancer_pool_edit.php; del parámetro (16) pkgrepourl a pkg_mgr_settings.php; del parámetro (17) zone a services_captiveportal.php; del parámetro port a (18) services_dnsmasq.php o (19) services_unbound.php; del parámetro (20) cache_max_ttl o (21) cache_min_ttl a services_unbound_advanced.php; del parámetro (22) sshport a system_advanced_a dmin.php; del parámetro (23) id, (24) tunable, (25) descr, o (26) value a system_advanced_sysctl.php; del parámetro (27) firmwareurl, (28) repositoryurl, o (29) branch a system_firmware_settings.php; del parámetro (30) pfsyncpeerip, (31) synchronizetoip, (32) username o (33) passwordfld a system_hasync.php; del parámetro (34) maxmss a vpn_ipsec_settings.php; del parámetro (35) ntp_server1, (36) ntp_server2, (37) wins_server1, o (38) wins_server2 a vpn_openvpn_csc.php; o parámetros no especificados a (39) load_balancer_relay_action.php, (40) load_balancer_relay_action_edit.php, (41) load_balancer_relay_protocol.php o (42) load_balancer_relay_protocol_edit.php. • https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •