Fernando Munoz
- Login: fmunozs
- Registered on: 02/17/2014
- Last connection: 10/19/2015
Issues
| | open | closed | Total |
|---|---|---|---|
| Assigned issues | 0 | 0 | 0 |
| Reported issues | 0 | 9 | 9 |
Activity
10/10/2015
- 02:35 PM pfSense Bug #5294 (Resolved): System users and groups not fully protected from deletion
- It's possible to shoot yourself in the foot and delete the admin user and all/admin groups.
1. Configure tamper d...
10/07/2015
- 01:20 PM pfSense Bug #5285: Failsafe mode
- Unfortunately, I don't know for sure, I installed all the available packages and tried to use invalid data in every i...
- 11:54 AM pfSense Bug #5285 (Not a Bug): Failsafe mode
- I'm not sure if this should be a feature request or a bug report, anyway since I've been messing around the webUI on ...
10/03/2015
- 12:04 PM pfSense Feature #4083: Replace GET by POST
- Is there any ETA for 2.3? It seems the target for this has been moving from version since almost one year ago, that d...
09/24/2015
- 10:37 AM pfSense Bug #5203 (Resolved): Directory transversal in Configuration History
- getcfg parameter doesn't filter chars such as .. or /, this way an admin can retrieve other XML files from the system....
- 10:28 AM pfSense Bug #5201: Stored XSS on authentication services
- Seems like encoding on this bugtracker breaks the payload, I'm attaching an image that shows what to type.
- 10:27 AM pfSense Bug #5201 (Resolved): Stored XSS on authentication services
- To reproduce the cross-site scripting:
1. Go to https://localhost:9090/system_authservers.php?act=new
- on fie...
03/02/2014
- 06:09 PM pfSense Bug #3498 (Resolved): Wake on Lan Widget no auth needed
- Wake on Lan Widget doesn't include "guiconfig.inc", so no auth is required when accessing it remotely, this could lea...
02/17/2014
- 02:52 PM pfSense Bug #3462 (Resolved): RCE - ARPING
- Reviewing http://seclists.org/fulldisclosure/2014/Jan/187 I can see that it's still possible to execute remote comman...
- 02:36 PM pfSense Bug #3461 (Resolved): XSS - package system
- pkg parameter isn't encoded properly, it's possible to inject javascript code:
https://ip/pkg_mgr_install.php?mode...