GL.iNet AR300M 4.3.7 Remote Code Execution

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

SUSE CVE-2023-6247

The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...

CVE-2023-6247

The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...

CVE-2023-6247

The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...

Design/Logic Flaw

The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...

CVE-2023-6247

The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...

OpenVPN Security Vulnerabilities

OpenVPN is a software package for creating encrypted tunnels for virtual private networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

MikroTik RouterOS Improper Certificate Validation (CVE-2018-10066)

An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network fo...

OpenVPN Server Client Web Server Detection

The remote host is running an OpenVPN Client Web Server. %NASLMINLEVEL 80900 C Tenable Network Security, Inc. include"compat.inc"; if description scriptid191048; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/04/10"; scriptnameenglish:"OpenVPN Server Client...

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

CVE-2023-7235 vulnerabilities

Vulnerabilities for packages: openvpn...

Design/Logic Flaw

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

CVE-2023-7235

CVE-2023-7235 concerns the OpenVPN GUI installer prior to version 2.6.9, where the installation directory of OpenVPN binaries did not have proper access control when using a non-standard path. This weakness could allow an attacker to replace binaries and execute arbitrary code. The initial CVE en...

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

OpenVPN Security Vulnerabilities

OpenVPN is a software package from US-based OpenVPN for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

PT-2024-15241 · Openvpn +1 · Openvpn +1

Name of the Vulnerable Software and Affected Versions: OpenVPN versions prior to 2.6.9 Description: The OpenVPN GUI installer did not set proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path. This allows an attacker to...