Netgate: >> Pfsense >> 2.0.1 Security Vulnerabilities
Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadbackup parameter to system_firmware_restorefullbackup.php.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-07-02
Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-07-02
Page 4