
Files

pfSense 2.0.1 XSS / CSRF / Command Execution
Posted Jan 4, 2013
Authored by Yann CAM

pfSense version 2.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities. The cross site request forgery proof of concept also demonstrates a remote command execution vulnerability.

tags | exploit, remote, vulnerability, xss, proof of concept, csrf
MD5 | 98ec38c0ae93ce39477f2d2e55d6c927

Related Files

pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection
Posted Sep 24, 2019
Authored by Nassim Asrir

pfSense versions 2.3.4 and 2.4.4-p3 remote code injection exploit.

tags | exploit, remote
advisories | CVE-2019-16701
MD5 | 1485a12f9fba9a9672d4428c49ee27ce
pfSense 2.4.4-p3 Cross Site Scripting
Posted May 28, 2019
Authored by Chi Tran

pfSense version 2.4.4-p3 with ACMEPackage version 0.5.7_1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-12347
MD5 | 201e068f480561654bc1a9ad85f752da
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) Cross Site Scripting
Posted Mar 13, 2019
Authored by Gionathan Reale

pfSense version 2.4.4-p1 with HAProxy Package version 0.59_14 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-8953
MD5 | 55f42125fc730ce936cc597d2991f1ec
pfSense 2.4.4-p1 Cross Site Scripting
Posted Jan 29, 2019
Authored by Ozer Goker

pfSense version 2.4.4-p1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 52e2a8776cd07b2f501073c93bbd8048
pfSense 2.1.3 status_rrd_graph_img.php Command Injection
Posted Jan 15, 2018
Authored by absolomb

pfSense versions 2.1.3 and below suffer from a status_rrd_graph_img.php command injection vulnerability.

tags | exploit, php
advisories | CVE-2014-4688
MD5 | 0119ea7e4ed56c2dfa60e99cdbfcc55b
Using dnscat2 For Encrypted Command/Control Over DNS
Posted Jan 15, 2018
Authored by James Fell

The process of setting up and using dnscat2 is documented in this article. The tool consists of a Ruby server and a small C client, and can be used to quickly establish an encrypted covert channel between two computers over the Internet using DNS traffic. Once set up, the tool is evaluated by exfiltrating data out of a network that has a pfSense firewall at the perimeter blocking direct outbound DNS requests from client machines, and also running the Snort IDS. It is seen that a reverse shell is successfully sent out of the network and no IDS alerts are generated.

tags | paper, shell, ruby
MD5 | 546258ea9351502c0d3aaad5bf6cfb05
pfSense 2.1.3-RELEASE (amd64) Remote Command Execution
Posted Dec 28, 2017
Authored by wetw0rk, Jared Stephens | Site metasploit.com

pfSense, a free BSD based open source firewall distribution, versions 2.2.6 and below contain a remote command execution vulnerability post authentication in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3.

tags | exploit, remote, arbitrary, root, php
systems | bsd
MD5 | 9e31715f8e4cf15c616cd81794fa4e26
pfSense 2.4.1 CSRF Error Page Clickjacking
Posted Dec 13, 2017
Authored by Yorick Koster | Site metasploit.com

This Metasploit module exploits a Clickjacking vulnerability in pfSense versions 2.4.1 and below. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI is vulnerable to Clickjacking. By tricking an authenticated admin into interacting with a specially crafted webpage it is possible for an attacker to execute arbitrary code in the WebGUI. Since the WebGUI runs as the root user, this will result in a full compromise of the pfSense instance.

tags | exploit, arbitrary, root
MD5 | 88144d72abf1d2945664621d86be2cbc
pfSense 2.3.1_1 Remote Command Execution
Posted Nov 28, 2017
Authored by h00die, s4squatch

pfSense versions 2.3.1_1 and below contain a remote command execution vulnerability post authentication in the system_groupmanager.php page.

tags | exploit, remote, php
MD5 | e31f1a0a55167ae457e32b3a771f6c12
pfSense 2.4.1 Clickjacking
Posted Nov 23, 2017
Authored by Securify B.V.

pfSense version 2.4.1 suffers from a clickjacking vulnerability in the cross site request forgery error page.

tags | advisory, csrf
MD5 | d27cfffbd264ae18908fb4c5e7e89289
pfSense 2.3.1_1 Post-Authentication Command Execution
Posted Nov 7, 2017
Authored by s4squatch

pfSense versions 2.3.1_1 and below suffer from a post authentication command execution vulnerability.

tags | exploit
MD5 | d8d02e5d6eae4e7a40f0f83d102408ad
pfsense 2.3.2 Code Execution
Posted Mar 27, 2017
Authored by Tim Coen | Site curesec.com

pfsense version 2.3.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 4398de06e73854df8caec492ca62f7a5
pfsense 2.3.2 Cross Site Request Forgery
Posted Mar 27, 2017
Authored by Tim Coen | Site curesec.com

pfsense version 2.3.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | e0aebdcf832a3eedba8cce38da046e50
pfsense 2.3.2 Cross Site Scripting
Posted Mar 27, 2017
Authored by Tim Coen | Site curesec.com

pfsense version 2.3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 91b27769a0b09b6c9c42619e158b0977
pfSense 2.3.2 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 3, 2017
Authored by Yann CAM

pfSense version 2.3.2 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist in gaining a reverse-shell remotely as root.

tags | exploit, shell, root, vulnerability, xss, csrf
MD5 | 8e0b5a8504ac3631cc0b658d6f10ed20
pfSense 2.3.1-RELEASE-p1 Squid 0.4.16_2 XSS / Log Manipulation
Posted Jun 17, 2016
Authored by Remco Sprooten

Squid version 0.4.16_2 running on pfSense version 2.3.1-RELEASE-p1 suffers from cross site scripting and log manipulation vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 41fd8ae67ca56c8d4751e24c16ce626c
PfSense Community Edition 2.2.6 CSRF / XSS / Command Injection
Posted Apr 15, 2016
Authored by Francesco Oddo | Site security-assessment.com

PfSense Community Edition versions 2.2.6 and below suffer from cross site scripting, code injection, and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | c97dac67b99d8925ba2e60483a820d91
pfSense Firewall 2.2.5 Cross Site Request Forgery
Posted Jan 25, 2016
Authored by Aatif Shahdad

pfSense Firewall version 2.2.5 cross site request forgery exploit.

tags | exploit, csrf
MD5 | ca94da039d14675e106a05d46493ce2a
PFSense 2.2.5 Directory Traversal
Posted Dec 18, 2015
Authored by R-73eN

PFSense versions 2.2.5 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 77761926c57c910396212b39697d564b
PFSense 2.2.2 Cross Site Scripting
Posted Jul 14, 2015
Authored by William Costa

PFSense version 2.2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3481f5a759faa072f642cbe2b075aa2e
pfSense 2.2 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 25, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

pfSense version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2015-2294, CVE-2015-2295
MD5 | bc66a1f3e20e3367a0e23a190864aad6
pfSense 2.1 Inclusion / Traversal / Escalation
Posted Jan 28, 2014
Authored by Pichaya Morimoto

pfSense version 2.1 suffers from local file inclusion, privilege escalation, and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | 2236c37d41c83964641aa9cb11395907
Secunia Security Advisory 51981
Posted Feb 4, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in pfSense, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | 63f0b985708858bcd0c22d3f9a72a3df
PFsense UTM Platform 2.0.1 XSS / CSRF
Posted Jan 29, 2013
Authored by Dimitris Strevinas

PFsense UTM Platform version 2.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 8d065c06d359f38b0740a398bfa11e6a
Secunia Security Advisory 51674
Posted Dec 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - pfSense has acknowledged multiple vulnerabilities in pfSense, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise an application using the library.

tags | advisory, denial of service, local, vulnerability
MD5 | 1dff25a2fc152f7fe4a452a35f574fc7