VYPR

pfSense

by pfSense

CVEs (48)

  • CVE-2015-6508 (Aug 18, 2015)
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.

  • CVE-2014-4692 (Jul 2, 2014)
    risk 0.00 | cvss | epss 0.02

    pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

  • CVE-2014-4691 (Jul 2, 2014)
    risk 0.00 | cvss | epss 0.03

    Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie.

  • CVE-2014-4690 (Jul 2, 2014)
    risk 0.00 | cvss | epss 0.04

    Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadbackup…

  • CVE-2014-4689 (Jul 2, 2014)
    risk 0.00 | cvss | epss 0.03

    Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter.

  • CVE-2014-4687 (Jul 2, 2014)
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter…

  • CVE-2011-5047 (Jan 3, 2012)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter.

  • CVE-2011-4197 (Jan 3, 2012)
    risk 0.00 | cvss | epss 0.02

    etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.
