CVE-2023-48123
https://notcve.org/view.php?id=CVE-2023-48123
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.
https://github.com/NHPT/CVE-2023-48123
https://docs.netgate.com/downloads/pfSense-SA-23_11.webgui.asc
https://github.com/pfsense/pfsense/commit/f72618c4abb61ea6346938d0c93df9078736b775
https://redmine.pfsense.org/issues/14809
CVE-2023-42325
https://notcve.org/view.php?id=CVE-2023-42325
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the status_logs_filter_dynamic.php page.
https://docs.netgate.com/downloads/pfSense-SA-23_09.webgui.asc
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-42326
https://notcve.org/view.php?id=CVE-2023-42326
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
https://docs.netgate.com/downloads/pfSense-SA-23_10.webgui.asc
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-42327
https://notcve.org/view.php?id=CVE-2023-42327
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.
https://docs.netgate.com/downloads/pfSense-SA-23_08.webgui.asc
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29975
https://notcve.org/view.php?id=CVE-2023-29975
An issue discovered in pfSense CE version 2.6.0 allows attackers to change the password of any user without verification.
https://www.esecforte.com/cve-2023-29975-unverified-password-changed
CWE-287: Improper Authentication