Jim Pingle

6 exploits Active since Sep 2025
CVE-2025-34173 WRITEUP MEDIUM WRITEUP
pfSense < 2.8.0 - Authenticated Path Traversal in Snort IP Reputation Check
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions.
CVSS 4.3
CVE-2025-34174 WRITEUP MEDIUM WRITEUP
pfSense < 2.8.0 - Authenticated Stored Cross-Site Scripting via status_traffic_totals.php start-day Parameter
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Status: Traffic Totals" permissions.
CVSS 5.4
CVE-2025-34175 WRITEUP MEDIUM WRITEUP
pfSense < 2.8.0 - Reflected Cross-Site Scripting via suricata_filecheck.php filehash Parameter
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.
CVSS 6.1
CVE-2025-34176 WRITEUP MEDIUM WRITEUP
pfSense < 2.8.0 - Authenticated Path Traversal in Suricata IP Reputation Check
In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
CVSS 4.3
CVE-2025-34177 WRITEUP MEDIUM WRITEUP
pfSense < 2.8.0 - Authenticated Stored Cross-Site Scripting in suricata_flow_stream.php
In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
CVSS 5.4
CVE-2025-34178 WRITEUP MEDIUM WRITEUP
pfSense < 2.8.0 - Authenticated Stored Cross-Site Scripting via suricata_app_parsers.php policy_name Parameter
In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
CVSS 5.4