Vulnerabilities > Cybelesoft

DATE CVE VULNERABILITY TITLE RISK
2022-05-20 CVE-2022-25227 Origin Validation Error vulnerability in Cybelesoft Thinfinity VNC 4.0.0.1
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browsing a malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE.
network
low complexity
cybelesoft CWE-346
8.8
2022-02-09 CVE-2021-46354 Exposure of Resource to Wrong Sphere vulnerability in Cybelesoft Thinfinity Virtualui 2.1.28.0/2.1.32.1/2.5.26.2
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0, is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site.
network
low complexity
cybelesoft CWE-668
7.5
2021-12-20 CVE-2021-44554 Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI.
network
low complexity
cybelesoft CWE-203
5.3
2021-12-16 CVE-2021-45092 Unspecified vulnerability in Cybelesoft Thinfinity Virtualui
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.
network
low complexity
cybelesoft
critical
9.8
2021-12-13 CVE-2021-44848 Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui
In Cybele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.
network
low complexity
cybelesoft CWE-203
5.3
2020-06-04 CVE-2019-16385 Injection vulnerability in Cybelesoft Thinfinity Virtualui
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring.
network
low complexity
cybelesoft CWE-74
6.1
2020-06-04 CVE-2019-16384 Path Traversal vulnerability in Cybelesoft Thinfinity Virtualui
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration.
network
low complexity
cybelesoft CWE-22
6.5
2017-10-06 CVE-2015-1429 Path Traversal vulnerability in Cybelesoft Thinfinity Remote Desktop Workstation 3.0.0.3
Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a ..
network
low complexity
cybelesoft CWE-22
7.5