Fernando Munoz

  • Registered on: 02/17/2014
  • Last connection: 10/19/2015




02:35 PM pfSense Bug #5294 (Resolved): System users and groups not fully protected from deletion
It's possible to shoot yourself on the foot and delete the admin user and all/admin groups.
1. Configure tamper d...


01:20 PM pfSense Bug #5285: Failsafe mode
Unfortunately, I don't know for sure, I installed all the available packages and tried to use invalid data in every i...
11:54 AM pfSense Bug #5285 (Not a Bug): Failsafe mode
I'm not sure if this should be a feature request or a bug report, anyway since I've been messing around the webUI on ...


12:04 PM pfSense Feature #4083: Replace GET by POST
Is there any ETA for 2.3? it seems the target for this has been moving from version since almost one year ago, that d...


10:37 AM pfSense Bug #5203 (Resolved): Directory transversal in Configuration History
getcfg parameter doesn't filter chars with as .. or / this way an admin can retrieve other XML files from the system....
10:28 AM pfSense Bug #5201: Stored XSS on authentication services
Seems like encoding on this bugtracker breaks the payload, I'm attaching an image that shows what to type.
10:27 AM pfSense Bug #5201 (Resolved): Stored XSS on authentication services
To reproduce the cross-site scripting:
1. Go to https://localhost:9090/system_authservers.php?act=new
- on fie...


06:09 PM pfSense Bug #3498 (Resolved): Wake on Lan Widget no auth needed
Wake on Lan Widget doesn't include "", so no auth is required when accessing it remotely, this could lea...


02:52 PM pfSense Bug #3462 (Resolved): RCE - ARPING
Reviewing I can see that it's still possible to execute remote comman...
02:36 PM pfSense Bug #3461 (Resolved): XSS - package system
pkg parameter isn't encoded properly, it's possible to inject javascript code:

Also available in: Atom