Page 9 of 53 results (0.011 seconds)

CVSS: 6.8EPSS: 79%CPEs: 1EXPL: 3

Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter. Vulnerabilidad de CSRF en system_firmware_restorefullbackup.php en la GUI web en pfSense anterior a 2.2.1 permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que eliminan ficheros arbitrarios a través del parámetro deletefile. pfSense version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/36506 http://packetstormsecurity.com/files/131022/pfSense-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/534987/100/0/threaded http://www.securityfocus.com/bid/73344 https://www.htbridge.com/advisory/HTB23251 https://www.pfsense.org/security/advisories/pfSense-SA-15_04.webgui.asc • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 86%CPEs: 1EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php. Múltiples vulnerabilidades de XSS en la GUI web en pfSense anterior a 2.2.1 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través (1) del parámetro zone en status_captiveportal.php; (2) del parámetro if o (3) dragtable en firewall_rules.php; (4) del parámetro queue en una acción de añadir en firewall_shaper.php; (5) del parámetro id en una acción de editar en services_unbound_acls.php; o (6) del parámetro filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, o (13) filterlogentries_qty en diag_logs_filter.php. pfSense version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/131022/pfSense-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/534987/100/0/threaded http://www.securityfocus.com/bid/73344 https://www.exploit-db.com/exploits/36506 https://www.htbridge.com/advisory/HTB23251 https://www.pfsense.org/security/advisories/pfSense-SA-15_03.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 2%CPEs: 9EXPL: 0

Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. Desbordamiento de enteros en FreeBSD anterior a 8.4 p24, 9.x anterior a 9.3 p10. 10.0 anterior a p18, y 10.1 anterior a p6 permite a atacantes remotos causar una denegación de servicio (caída) a través de un paquete IGMP, lo que provoca un cálculo de tamaño incorrecto y una reserva de memoria insuficiente. • http://www.debian.org/security/2015/dsa-3175 http://www.securityfocus.com/bid/72777 http://www.securitytracker.com/id/1031798 https://kc.mcafee.com/corporate/index?page=content&id=SB10107 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc https://www.pfsense.org/security/advisories/pfSense-SA-15_02.igmp.asc •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter to services_status.widget.php, (4) the txtRecallBuffer parameter to exec.php, or (5) the HTTP Referer header to log.widget.php. Múltiples vulnerabilidades de XSS en pfSense anterior a 2.1.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro starttime0 en firewall_schedule.php, (2) el parámetro rssfeed en rss.widget.php, (3) el parámetro servicestatusfilter en services_status.widget.php, (4) el parámetro txtRecallBuffer en exec.php, o (5) la cabecera HTTP Referer en log.widget.php. • https://pfsense.org/security/advisories/pfSense-SA-14_09.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables. Múltiples vulnerabilidades de XSS en suricata_select_alias.php en el paquete Suricata anterior a 1.0.6 para pfSense hasta 2.1.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de variables no especificadas. • https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •