- 02:35 PM pfSense Bug #5294 (Resolved): System users and groups not fully protected from deletion
- It's possible to shoot yourself on the foot and delete the admin user and all/admin groups.
1. Configure tamper d...
- 01:20 PM pfSense Bug #5285: Failsafe mode
- Unfortunately, I don't know for sure, I installed all the available packages and tried to use invalid data in every i...
- 11:54 AM pfSense Bug #5285 (Not a Bug): Failsafe mode
- I'm not sure if this should be a feature request or a bug report, anyway since I've been messing around the webUI on ...
- 12:04 PM pfSense Feature #4083: Replace GET by POST
- Is there any ETA for 2.3? it seems the target for this has been moving from version since almost one year ago, that d...
- 10:37 AM pfSense Bug #5203 (Resolved): Directory transversal in Configuration History
- getcfg parameter doesn't filter chars with as .. or / this way an admin can retrieve other XML files from the system....
- 10:28 AM pfSense Bug #5201: Stored XSS on authentication services
- Seems like encoding on this bugtracker breaks the payload, I'm attaching an image that shows what to type.
- 10:27 AM pfSense Bug #5201 (Resolved): Stored XSS on authentication services
- To reproduce the cross-site scripting:
1. Go to https://localhost:9090/system_authservers.php?act=new
- on fie...
- 06:09 PM pfSense Bug #3498 (Resolved): Wake on Lan Widget no auth needed
- Wake on Lan Widget doesn't include "guiconfig.inc", so no auth is required when accessing it remotely, this could lea...
- 02:52 PM pfSense Bug #3462 (Resolved): RCE - ARPING
- Reviewing http://seclists.org/fulldisclosure/2014/Jan/187 I can see that it's still possible to execute remote comman...
- 02:36 PM pfSense Bug #3461 (Resolved): XSS - package system
Also available in: Atom