Fernando Munoz

  • Login: fmunozs
  • Registered on: 02/17/2014
  • Last connection: 10/19/2015


open closed Total
Assigned issues 0 0 0
Reported issues 0 9 9



02:35 PM pfSense Bug #5294 (Resolved): System users and groups not fully protected from deletion
It's possible to shoot yourself on the foot and delete the admin user and all/admin groups.
1. Configure tamper d...
Fernando Munoz


01:20 PM pfSense Bug #5285: Failsafe mode
Unfortunately, I don't know for sure, I installed all the available packages and tried to use invalid data in every i... Fernando Munoz
11:54 AM pfSense Bug #5285 (Not a Bug): Failsafe mode
I'm not sure if this should be a feature request or a bug report, anyway since I've been messing around the webUI on ... Fernando Munoz


12:04 PM pfSense Feature #4083: Replace GET by POST
Is there any ETA for 2.3? it seems the target for this has been moving from version since almost one year ago, that d... Fernando Munoz


10:37 AM pfSense Bug #5203 (Resolved): Directory transversal in Configuration History
getcfg parameter doesn't filter chars with as .. or / this way an admin can retrieve other XML files from the system.... Fernando Munoz
10:28 AM pfSense Bug #5201: Stored XSS on authentication services
Seems like encoding on this bugtracker breaks the payload, I'm attaching an image that shows what to type. Fernando Munoz
10:27 AM pfSense Bug #5201 (Resolved): Stored XSS on authentication services
To reproduce the cross-site scripting:
1. Go to https://localhost:9090/system_authservers.php?act=new
- on fie...
Fernando Munoz


06:09 PM pfSense Bug #3498 (Resolved): Wake on Lan Widget no auth needed
Wake on Lan Widget doesn't include "", so no auth is required when accessing it remotely, this could lea... Fernando Munoz


02:52 PM pfSense Bug #3462 (Resolved): RCE - ARPING
Reviewing I can see that it's still possible to execute remote comman... Fernando Munoz
02:36 PM pfSense Bug #3461 (Resolved): XSS - package system
pkg parameter isn't encoded properly, it's possible to inject javascript code:
Fernando Munoz

Also available in: Atom