RSS   Podatności dla 'Expressvpn'   RSS

2021-03-10
 
CVE-2020-29238

CWE-190
 

 
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request.

 
2019-01-02
 
CVE-2018-15490

CWE-22
 

 
An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service.

 


Copyright 2024, cxsecurity.com

 

Back to Top