CVE-2017-7720
https://notcve.org/view.php?id=CVE-2017-7720
Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password. Un desbordamiento de buffer en PrivateTunnel 2.7 y 2.8 permite a un atacante local causar una denegación de servicio (sobreescritura de SEH) a través de una contraseña larga. • https://www.exploit-db.com/exploits/41916 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-5455 – OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-5455
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder. Vulnerabilidad de la ruta de búsqueda de Windows sin entrecomillar en el servicio ptservice anterior a la versión 3.0 de PrivateTunnel (Windows) y a la versión 3.1 de OpenVPN Connect (Windows) permite a los usuarios locales obtener privilegios a través de un archivo program.exe en la carpeta %SYSTEMDRIVE%. • https://www.exploit-db.com/exploits/34037 http://osvdb.org/show/osvdb/109007 http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html http://www.exploit-db.com/exploits/34037 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php https://github.com/CVEProject/cvelist/pull/3909 https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943 • CWE-428: Unquoted Search Path or Element •