6 matches found
The vulnerability of the AWS VPN Client service, related to the disclosure of information, allows a perpetrator to expose the protected information.
The vulnerability of the AWS VPN Client relates to the exposure of information. Exploiting this vulnerability could allow a malicious actor to disclose protected information using a specially created malicious configuration file named ovpn...
CVE-2022-25166
An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters such as auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open...
CVE-2020-13260
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...
Cross site scripting
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...
CVE-2020-13260
The CVE-2020-13260 entry concerns RAD SecFlow-1v web-based management interface (SF_0290_2.3.01.26). A vulnerability allows an authenticated attacker to upload a JavaScript file as a stored XSS payload, which is saved in the system as an OVPN config or a static key file. The payload executes when...
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting
Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...