6 matches found

BDU FSTEC
added 2022/05/17 12:0 a.m. | 7 views

An information disclosure vulnerability in the AWS VPN Client service allows an attacker to expose protected information.

The vulnerability in the AWS VPN Client relates to the exposure of information. Exploiting this vulnerability could allow a malicious actor to disclose protected information using a specially crafted malicious configuration file named ovpn...

CVSS 6.8 | AI score 6.5 | EPSS 0.00518
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2022/04/14 4:15 p.m. | 5 views

CVE-2022-25166

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters such as auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open...

CVSS 5 | AI score 5.8 | EPSS 0.0145
Exploits: 2 | References: 2

NVD
added 2020/09/17 8:15 p.m. | 25 views

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

CVSS 6.1 | EPSS 0.01982
Exploits: 5 | References: 3

Prion
added 2020/09/17 8:15 p.m. | 22 views

Cross-site scripting

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

CVSS 4.3 | AI score 7 | EPSS 0.04663
Exploits: 7 | References: 3 | Affected Software: 1

CVE
added 2020/09/17 7:49 p.m. | 81 views

CVE-2020-13260

The CVE-2020-13260 entry concerns RAD SecFlow-1v web-based management interface (SF_0290_2.3.01.26). A vulnerability allows an authenticated attacker to upload a JavaScript file as a stored XSS payload, which is saved in the system as an OVPN config or a static key file. The payload executes when...

CVSS 6.1 | AI score 6.8 | EPSS 0.01982
Exploits: 5 | References: 3 | Affected Software: 1

Packet Storm
added 2020/09/14 12:0 a.m. | 513 views

RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting

Exploit Title: RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting
Date: 2020-08-31
Exploit Author: Jonatan Schor and Uriel Yochpaz
Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway
Version: SecFlow-1v os-image SF_0290_2.3.01.26
Tested on: RAD SecFlow-1v
CVE : N/A
A...

AI score 0.1 | EPSS 0.04663
Exploits: 7