Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests.
Remediation
References
Related Vulnerabilities
WordPress Plugin 5gig Concerts Unspecified Vulnerability (1.0)
WordPress Plugin WP Symposium Arbitrary File Upload (14.11)
phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-6626)
WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.2.6)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0704)