The vulnerability of the Node.js software library OpenVPN Connect allows a hacker to execute arbitrary code.

The vulnerability of the Node.js software product OpenVPN Connect relates to the lack of measures to neutralize instructions in the dynamically executed code. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

openvpn -- two security fixes

Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs three on Windows: CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. Reynir Björnss...

PT-2024-5857 · Openvpn +7 · Openvpn +7

Name of the Vulnerable Software and Affected Versions: OpenVPN versions prior to 2.6.11 Description: The issue is related to the lack of proper sanitization of PUSH REPLY messages, which can be exploited by attackers to inject unexpected arbitrary data into third-party executables or plug-ins. Th...

PT-2025-14766 · Openvpn +1 · Openvpn +1

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.4.0 through 2.6.10 Description: The issue allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to, enabling it to escalate its privileges. Recommendations: For...

Vulnerability of OpenVPN software – fragments related to zero-division errors, allowing a violator to trigger a service failure

The vulnerability of OpenVPN software-related programs is related to the initiation of a zero-division. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

The vulnerability of the OpenVPN software lies in the use of memory after it is freed, allowing a hacker to trigger a service failure.

The vulnerability of the OpenVPN software is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

ROS-20240402-23

A vulnerability in the --fragment option of OpenVPN software is related to the initiation of division by zero. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in OpenVPN software is related to memory handling errors. Exploitatio...

PT-2024-6140 · Openvpn +1 · Openvpn +1

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.6.9 and earlier Description: The issue is related to the interactive service in OpenVPN, which allows the OpenVPN service pipe to be accessed remotely. This enables a remote attacker to interact with the privileged OpenVPN...

PT-2024-6141 · Openvpn +1 · Openvpn +1

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.6.9 and earlier Description: The issue is related to the interactive service in OpenVPN, which allows an attacker to send data causing a stack overflow. This can be used to execute arbitrary code with more privileges. The...

Siemens Multiple Vulnerabilities in SCALANCE Products (CVE-2022-34821)

Multiple SCALANCE devices are affected by several vulnerabilities that could allow an attacker to inject code, retrieve data as debug information as well as user CLI passwords or set the CLI to an irresponsive state. Siemens has released updates for the affected products and recommends to update ...

OpenVPN 安全漏洞

OpenVPN is a software package from OpenVPN, Inc. that creates encrypted tunnels for virtual private networks VPNs, uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or usernames/passwords. A...

OpenVPN 安全漏洞

OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

OpenVPN 安全漏洞

OpenVPN is a software package for creating encrypted tunnels for virtual private networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

OpenVPN 安全漏洞

OpenVPN is a software package from US-based OpenVPN Inc. for creating encrypted tunnels for virtual private networks VPNs that uses the OpenSSL library to encrypt data and control information, and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

PT-2024-5009 · Openvpn +1 · Openvpn +1

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.6.9 and earlier Description: The issue is related to the unrestricted loading of plug-in files in OpenVPN on Windows. This allows an attacker to load an arbitrary plug-in, which can interact with the privileged OpenVPN...

ROS-2-511

2.511 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...

ROS-2-805

2.805 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability description: A corrective release of the OpenVPN Virtual Private Networking Package 2.4.9 has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...

GL.iNet AR300M v3.216 Remote Code Execution Exploit

!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

GL.iNet AR300M 3.216 Remote Code Execution

!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

GL.iNet AR300M v4.3.7 Remote Code Execution Exploit

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...