PT-2024-1066 · Openvpn · Openvpn Connect

Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.6 Description: The issue is related to the failure to neutralize instructions in dynamically executed code. Exploitation of this issue may allow an attacker to execute arbitrary code using the DYLD...

OpenVPN Connect Security Breach

OpenVPN Connect is a VPN Virtual Private Network client application from US-based OpenVPN. A security vulnerability exists in OpenVPN Connect versions 3.0 through 3.4.6, which stems from a vulnerability that allows local users to execute code in external third-party libraries using the...

CVE-2023-46455

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

CVE-2023-46455

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...

Path traversal

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...

Design/Logic Flaw

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

CVE-2023-46456

GL.iNET GL-AR300M (firmware 3.216) is affected by CVE-2023-46456, where the OpenVPN client file upload functionality can be abused to inject arbitrary shell commands, leading to remote code execution per multiple sources. The vulnerability affects the OpenVPN client file upload path; no official ...

CVE-2023-46455

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

CVE-2023-46455

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...

GL.iNet GL-AR300M Security Vulnerability

GL.iNet GL-AR300M is a modern mini smart router from China's GL.iNet. A security vulnerability exists in the GL.iNET GL-AR300M v4.3.7, which stems from the presence of a path traversal vulnerability that allows an attacker to write arbitrary files via the file upload function of the OpenVPN clien...

Exploit for OS Command Injection in Gl-Inet Gl-Ar300M_Firmware

GL.iNet Multiple Vulnerabilities This repository contains the...

PT-2023-30034 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 3.216 Description: The issue allows for the injection of arbitrary shell commands through the OpenVPN client file upload functionality. This can potentially lead to remote code execution. Recommendations: For version...

PT-2023-30033 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 4.3.7 Description: The issue allows an attacker to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. This can potentially lead to unauthorized access and...

[SECURITY] Fedora 38 Update: openvpn-2.6.8-1.fc38

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

Fedora: Security Advisory for openvpn (FEDORA-2023-e4df33666c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 38 : openvpn (2023-e4df33666c)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e4df33666c advisory. This is an extended update of the OpenVPN 2.6.7 release which contains security fixes for CVE-2023-46849 and CVE-2023-46850. That release had a...