CVE-2018-7716

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...

CVE-2018-7716

PrivateVPN for macOS (v2.0.31) suffers a root privilege escalation via its com.privat.vpn.helper XPC service. The XPC interface accepts a config string that should reference an internal OpenVPN configuration, but an attacker can send a malicious XPC message directing the service to a config file ...

Unauthenticated OpenVPN Server Detection

The remote host is running an OpenVPN server. Based on its responses, the remote host appears to be in unauthenticated mode. This means that the tunnel is unencrypted and authentication is disabled. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

CVE-2018-7311

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible for handling new...

Privilege escalation

DISPUTED PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible for...

CVE-2018-7311

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible for handling new...

CVE-2018-7311

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible for handling new...

PT-2018-18015 · Privatevpn +1 · Privatevpn +1

Name of the Vulnerable Software and Affected Versions: PrivateVPN version 2.0.31 for macOS Description: The software installs a privileged helper tool that runs as the root user, which is installed as a LaunchDaemon and implements an XPC service. This XPC service handles new VPN connection...

Debian: Security Advisory (DLA-999-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-944-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 27 : openvpn (2017-5882331351)

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated key-method 1 configuration option CVE-2017-12166. From this update of, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled...

The vulnerability of the OpenVPN package arises from the improper handling of client connections to HTTP proxies, allowing a hacker to execute arbitrary code.

The vulnerability of the OpenVPN package exists due to improper handling of client connections to HTTP proxies with NTLMv authentication. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Golden Frog VyprVPN for macOS Elevation of Privilege Vulnerability

Golden Frog VyprVPN for macOS is a suite of VPN software for the macOS platform. An elevation of privilege vulnerability exists in versions of Golden Frog VyprVPN for macOS prior to 2.15.0.5828. An attacker can exploit this vulnerability by forcing the VyprVPN application to load a malicious...

CVE-2017-17809

In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forci...

CVE-2017-17809

In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forci...

Code injection

In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forci...

CVE-2017-17809

In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forci...

CVE-2017-17809

In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forci...

CVE-2017-17809

The CVE-2017-17809 entry affects Golden Frog VyprVPN for macOS prior to 2.15.0.5828. The vyprvpnservice launch daemon exposes an unprotected XPC service that lets attackers update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary. An attacker could abuse this to ...

CryKeX - Linux Memory Cryptographic Keys Extractor

CryKeX - Linux Memory Cryptographic Keys Extractor Properties: Cross-platform Minimalism Simplicity Interactivity Compatibility/Portability Application Independable Process Wrapping Process Injection Dependencies: Unix - should work on any Unix-based OS BASH - the whole script root privileges...