General

Profile

Fernando Munoz

  • Login: fmunozs
  • Registered on: 02/17/2014
  • Last connection: 10/19/2015

Issues

                  open  closed  Total
Assigned issues      0       0      0
Reported issues      0       9      9

Activity

10/10/2015

02:35 PM pfSense Bug #5294 (Resolved): System users and groups not fully protected from deletion
It's possible to shoot yourself in the foot and delete the admin user and all/admin groups.
1. Configure tamper d...
Fernando Munoz

10/07/2015

01:20 PM pfSense Bug #5285: Failsafe mode
Unfortunately, I don't know for sure, I installed all the available packages and tried to use invalid data in every i... Fernando Munoz
11:54 AM pfSense Bug #5285 (Not a Bug): Failsafe mode
I'm not sure if this should be a feature request or a bug report, anyway since I've been messing around the webUI on ... Fernando Munoz

10/03/2015

12:04 PM pfSense Feature #4083: Replace GET by POST
Is there any ETA for 2.3? It seems the target for this has been moving from version since almost one year ago, that d... Fernando Munoz

09/24/2015

10:37 AM pfSense Bug #5203 (Resolved): Directory transversal in Configuration History
getcfg parameter doesn't filter chars such as .. or /, this way an admin can retrieve other XML files from the system.... Fernando Munoz
10:28 AM pfSense Bug #5201: Stored XSS on authentication services
Seems like encoding on this bugtracker breaks the payload, I'm attaching an image that shows what to type. Fernando Munoz
10:27 AM pfSense Bug #5201 (Resolved): Stored XSS on authentication services
To reproduce the cross-site scripting:
1. Go to https://localhost:9090/system_authservers.php?act=new
- on fie...
Fernando Munoz

03/02/2014

06:09 PM pfSense Bug #3498 (Resolved): Wake on Lan Widget no auth needed
Wake on Lan Widget doesn't include "guiconfig.inc", so no auth is required when accessing it remotely, this could lea... Fernando Munoz

02/17/2014

02:52 PM pfSense Bug #3462 (Resolved): RCE - ARPING
Reviewing http://seclists.org/fulldisclosure/2014/Jan/187 I can see that it's still possible to execute remote comman... Fernando Munoz
02:36 PM pfSense Bug #3461 (Resolved): XSS - package system
pkg parameter isn't encoded properly, it's possible to inject javascript code:
https://ip/pkg_mgr_install.php?mode...
Fernando Munoz
