10 matches found
EUVD-2018-2454
Malware in sbrugna...
CVE-2018-10381
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...
Malicious code in com.tunnelbear.blocker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c468294ac2adc018e4e040e8fd0d5f9abd2e499644c0d57947a408e46fa1e0c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
TunnelBear for Windows Elevation of Privilege Vulnerability
TunnelBear for Windows is a Windows-based VPN software for anonymous access to restricted networks. A privilege extraction vulnerability in TunnelBear version 3.2.0.6 for Windows-based platforms stems from a NetNamedPipe endpoint created by the TunnelBearMaintenance service that allows arbitrary...
CVE-2018-10381
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...
Privilege escalation
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...
CVE-2018-10381
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...
CVE-2018-10381
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...
CVE-2018-10381
TunnelBear 3.2.0.6 for Windows is affected by a SYSTEM elevation vulnerability in the TunnelBearMaintenance NetNamedPipe endpoint. The OpenVPNConnect method can accept a server list argument that enables an attacker to control the OpenVPN command line, and an attacker can specify a dynamic librar...
TunnelBear VPN - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application TunnelBear VPN published at the 'play' market has multiple vulnerabilities...