VYPR

Vendor CVEs

Netgate

All CVEs

54 total · sorted by risk
  • CVE-2014-4691Jul 2, 2014
    risk 0.00cvss epss 0.03

    Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie.

  • CVE-2014-4690Jul 2, 2014
    risk 0.00cvss epss 0.04

    Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadbackup…

  • CVE-2014-4689Jul 2, 2014
    risk 0.00cvss epss 0.03

    Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter.

  • CVE-2014-4687Jul 2, 2014
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter…

Page 2 of 2