6 matches found
CVE-2026-34796 Endian Firewall /cgi-bin/logs_openvpn.cgi DATE Perl Command Injection
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsopenvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...
CVE-2025-34304
IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...
CVE-2025-34304
IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...
CVE-2025-34304
IPFire
CVE-2025-34304 IPFire < v2.29 SQL Injection via OpenVPN Connection Logs
IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...
Multiple Siemens Products Log Output Medium and Error Vulnerabilities
SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 are industrial routers. A log output neutralization error vulnerability exists in multiple Siemens products, which can be exploited by an attacker to send spam to the openvpn logs, causing a high CPU load...