CVE-2018-7484

An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link...

CVE-2023-48957

PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers...

CVE-2023-48957

PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers...

PT-2024-13665 · Purevpn · Purevpn Linux Client

Name of the Vulnerable Software and Affected Versions: PureVPN Linux client version 2.0.2 Description: The PureVPN Linux client fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers. This issue is related to improper...

PureVPN 安全漏洞

PureVPN is a VPN software from PureVPN Inc. A security vulnerability exists in PureVPN that stems from an inability to properly handle DNS queries...

CVE-2023-48957

PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers...

CVE-2023-48957

PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers...

CVE-2023-48957

CVE-2023-48957 concerns the PureVPN Linux client (2.0.2-Productions) where the DNS query handling is flawed, allowing DNS requests to bypass the VPN tunnel and go directly to the ISP/default DNS servers. The root cause is an improper DNS query handling/control flow in the client, per connected ad...

CVE-2018-18656

The PureVPN client before 6.1.0 for Windows stores Login Credentials username and password in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file...

Default credentials

The PureVPN client before 6.1.0 for Windows stores Login Credentials username and password in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file...

CVE-2018-18656

The PureVPN client before 6.1.0 for Windows stores Login Credentials username and password in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file...

CVE-2018-18656

The PureVPN client before 6.1.0 for Windows stores Login Credentials username and password in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file...

CVE-2018-18656

The CVE-2018-18656 entry concerns the PureVPN Windows client prior to version 6.1.0, which stores login credentials (username and password) in cleartext at %PROGRAMDATA%\purevpn\config\login.conf. The file is readable by all local users, enabling credential disclosure and potential further compro...

Windows Gather PureVPN Client Credential Collector

Finds the password stored for the PureVPN Client. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather PureVPN Client Credential Collector', 'Description' = %q Finds the password stor...

Privilege escalation

PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This fi...

CVE-2018-10204

PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This fi...

CVE-2018-10204

CVE-2018-10204 affects PureVPN 6.0.1 for Windows, via the sevpnclient service when using the OpenVPN protocol. The OpenVPN config at %PROGRAMDATA%\purevpn\config\config.ovpn has write permissions for the Everyone group. An authenticated attacker can modify this file to specify a dynamic library p...

CVE-2018-10204

PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This fi...

CVE-2018-7484

An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link...

Design/Logic Flaw

An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link...