Vulnerabilities > Cybelesoft
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-20 | CVE-2022-25227 | Origin Validation Error vulnerability in Cybelesoft Thinfinity VNC 4.0.0.1 Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE. | 8.8 |
2022-02-09 | CVE-2021-46354 | Exposure of Resource to Wrong Sphere vulnerability in Cybelesoft Thinfinity Virtualui 2.1.28.0/2.1.32.1/2.5.26.2 Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. | 7.5 |
2021-12-20 | CVE-2021-44554 | Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. | 5.3 |
2021-12-16 | CVE-2021-45092 | Unspecified vulnerability in Cybelesoft Thinfinity Virtualui Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. | 9.8 |
2021-12-13 | CVE-2021-44848 | Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. | 5.3 |
2020-06-04 | CVE-2019-16385 | Injection vulnerability in Cybelesoft Thinfinity Virtualui Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. | 6.1 |
2020-06-04 | CVE-2019-16384 | Path Traversal vulnerability in Cybelesoft Thinfinity Virtualui Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. | 6.5 |
2017-10-06 | CVE-2015-1429 | Path Traversal vulnerability in Cybelesoft Thinfinity Remote Desktop Workstation 3.0.0.3 Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. | 7.5 |