Ad Schellevis

13 exploits Active since Aug 2023
CVE-2026-2035 WRITEUP MEDIUM WRITEUP
Deciso OPNsense - Command Injection RCE
Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of backup configuration files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28131.
CVSS 6.8
CVE-2023-38997 WRITEUP HIGH WRITEUP
OPNsense <23.7-23.4.2 - Path Traversal
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.
CVSS 7.2
CVE-2023-38998 WRITEUP MEDIUM WRITEUP
OPNsense <23.7-23.4.2 - Open Redirect
An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
CVSS 6.1
CVE-2023-38999 WRITEUP MEDIUM WRITEUP
OPNsense < 23.7 - Cross-Site Request Forgery in System Halt API
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVSS 6.5
CVE-2023-39000 WRITEUP MEDIUM WRITEUP
OPNsense < 23.7 - Reflected Cross-Site Scripting via URL Path in Log Diagnostics
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path.
CVSS 6.1
CVE-2023-39001 WRITEUP CRITICAL WRITEUP
OPNsense <23.7-23.4.2 - Command Injection
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file.
CVSS 9.8
CVE-2023-39002 WRITEUP MEDIUM WRITEUP
OPNsense < 23.7 - Cross-Site Scripting via system_certmanager.php act Parameter
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 6.1
CVE-2023-39006 WRITEUP MEDIUM WRITEUP
OPNsense <23.7-23.4.2 - Info Disclosure
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.
CVSS 5.4
CVE-2023-39007 WRITEUP CRITICAL WRITEUP
OPNsense < 23.7 - Cross-Site Scripting via Cron Item Controller openAction Parameter
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.
CVSS 9.6
CVE-2023-39008 WRITEUP CRITICAL WRITEUP
OPNsense <23.7-23.4.2 - Command Injection
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.
CVSS 9.8
CVE-2023-44275 WRITEUP MEDIUM WRITEUP
OPNsense < 23.7.5 - Cross-Site Scripting via Lobby Dashboard column_count Parameter
OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.
CVSS 5.4
CVE-2023-44276 WRITEUP MEDIUM WRITEUP
OPNsense < 23.7.5 - Cross-Site Scripting via Lobby Dashboard Sequence Parameter
OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
CVSS 5.4
CVE-2025-13698 WRITEUP MEDIUM WRITEUP
OPNsense >=25.7 <25.7 - Authenticated Path Traversal and Arbitrary File Write via diag_backup.php
Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of backup configuration files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of root. Was ZDI-CAN-28133.
CVSS 4.5