2382 matches found
Design/Logic Flaw
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, o...
CVE-2021-20145
Gryphon Tower routers are affected by CVE-2021-20145 due to an unprotected OpenVPN configuration file. The root cause is configuration data left accessible, which can grant an attacker access to the Gryphon homebound VPN network and expose LAN interfaces of other users’ devices sharing the same s...
CVE-2021-20145
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, o...
A vulnerability in the mbConnect24serv component, which clients use to establish encrypted connections with mbDIALUP, allows an attacker to escalate privileges and execute arbitrary code.
The vulnerability in the mbConnect24serv component, which clients use to establish encrypted connections with mbDIALUP, stems from deficiencies in access control. Exploiting it can allow attackers to escalate their privileges and execute arbitrary code using a malicious OpenVPN...
OpenVPN Connect Installed (Windows)
Binary data openvpnconnectwininstalled.nbin...
OpenVPN Connect 3.2.0 < 3.3.1 Input Validation Vulnerability (Windows)
According to its self-reported version number, the version of OpenVPN Connect installed on the remote Windows host is affected by an input validation vulnerability. OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration fil...
CVE-2021-31606
furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients...
CVE-2021-31604
furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client...
CVE-2021-31605
furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM...
Command injection
furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM...
PYSEC-2021-352
furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client...
Cross site request forgery (csrf)
furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client...
PYSEC-2021-354
furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients...
PYSEC-2021-353
furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM...
Authorization
furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients...