Design/Logic Flaw

An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link...

CVE-2018-7484

An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link...

CVE-2018-7484

Summary: CVE-2018-7484 affects PureVPN on Windows up to 5.19.4.0. The installer grants Everyone Full Control to the installation directory, and PureVPNService.exe (running as NT Authority\SYSTEM) loads DLLs via relative paths. If the program starts from a directory that is writable by all users a...

PureVPN Windows Elevation of Privilege Vulnerability

PureVPN is a paid VPN service. An elevation of privilege vulnerability exists in PureVPN for Windows version 5.19.4.0 and earlier. An attacker can exploit this vulnerability via DLL hijacking to achieve elevation of privilege...

PureVPN for macOS Elevation of Privilege Vulnerability

PureVPN for macOS is a suite of VPN software for the macOS platform. A security vulnerability exists in version 6.0.1 of PureVPN for macOS based platform, which stems from HelperTool LaunchDaemon implementing an unprotected XPC service. An attacker can exploit the vulnerability to execute system...

CVE-2018-6822

In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root...

CVE-2018-6822

In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root...

Design/Logic Flaw

In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root...

CVE-2018-6822

Affected software: PureVPN for macOS (v6.0.1). Vulnerability: HelperTool LaunchDaemon exposes an unprotected XPC service that can be abused to execute system commands as root. Impact: High; CVSSv3 base score 9.8 (CRITICAL). Privileges elevated to root with no user interaction. Exploitation status...

CVE-2018-6822

In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root...

PureVPN Aided FBI to Track CyberStalker by Providing His Logs

By Waqas On Friday a New Town, Massachusetts based man called Ryan This is a post from HackRead.com Read the original post: PureVPN Aided FBI to Track CyberStalker by Providing His Logs...

FBI Arrests A Cyberstalker After Shady "No-Logs" VPN Provider Shared User Logs

FBI recently arrested a psycho cyber stalker with the help of a popular VPN service and this case apparently exposed the company's lies about the "no logs" policy. Taking down cyber stalkers and criminals is definitely a good thing, and the FBI has truly done a great job, but the VPN company whos...

purevpn.com XSS vulnerability

Vulnerable URL: https://www.purevpn.com/blog/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| Yes, at 01.06.2016 Latest check for patch:| 01.06.2016 00:51 GMT Vulnerability type:| XSS Vulnerability status:| Publicl...

Metasploit Registrar Duped by Social Engineering, Not Fax

The registrar for the Metasploit and Rapid7 websites, both of which were victims of a DNS hijacking attack on Friday, was not duped by a spoofed change request sent via fax as it originally reported. Instead, a Register.com employee likely fell victim to a social engineering scam that resulted in...