Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ExpressVPN for Windows 路径遍历漏洞
Vulnerability Description
ExpressVPN for Windows是一款基于Windows平台的VPN(虚拟专用网络)软件。 基于Windows平台的ExpressVPN中的JSON-RPC XVPN.GetPreference和XVPN.SetPreference方法存在路径遍历漏洞。攻击者可利用该漏洞对文件系统上的文件进行读取和写入。
CVSS Information
N/A
Vulnerability Type
N/A