pfSense version 2.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities. The cross site request forgery proof of concept also demonstrates a remote command execution vulnerability.
94f420cccc815bf5e6c23bf9a91dc74dd47d39e3a3f76ad09f158b2b4de134dc