|
292281
|
- |
|
pfsense
netgate
|
snort_package
pfsense
|
Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1…
|
NVD-CWE-Other
|
CVE-2014-4695
|
2024-11-21 11:10 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292282
|
- |
|
pfsense
netgate
|
suricata_package
pfsense
|
Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4694
|
2024-11-21 11:10 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292283
|
- |
|
pfsense
netgate
|
snort_package
pfsense
|
Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4693
|
2024-11-21 11:10 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292284
|
- |
|
netgate
|
pfsense
|
pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive i…
|
CWE-200
Information Exposure
|
CVE-2014-4692
|
2024-11-21 11:10 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292285
|
- |
|
netgate
|
pfsense
|
Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie.
|
NVD-CWE-Other
|
CVE-2014-4691
|
2024-11-21 11:10 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292286
|
- |
|
netgate
|
pfsense
|
Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow …
|
CWE-22
Path Traversal
|
CVE-2014-4690
|
2024-11-21 11:10 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292287
|
- |
|
netgate
|
pfsense
|
Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter.
|
CWE-22
Path Traversal
|
CVE-2014-4689
|
2024-11-21 11:10 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292288
|
- |
|
netgate
|
pfsense
|
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php…
|
NVD-CWE-Other
|
CVE-2014-4688
|
2024-11-21 11:10 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292289
|
- |
|
netgate
|
pfsense
|
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4687
|
2024-11-21 11:10 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292290
|
- |
|
fedoraproject
mageia_project
cherokee-project
|
fedora
mageia
cherokee
|
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attac…
|
CWE-287
Improper Authentication
|
CVE-2014-4668
|
2024-11-21 11:10 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
