Vulnerabilities > Cybelesoft

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-20	CVE-2022-25227	Origin Validation Error vulnerability in Cybelesoft Thinfinity VNC 4.0.0.1 Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE. network cybelesoft CWE-346	6.8
2022-02-09	CVE-2021-46354	Exposure of Resource to Wrong Sphere vulnerability in Cybelesoft Thinfinity Virtualui 2.1.28.0/2.1.32.1/2.5.26.2 Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. network low complexity cybelesoft CWE-668	5.0
2021-12-20	CVE-2021-44554	Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. network low complexity cybelesoft CWE-203	5.0
2021-12-16	CVE-2021-45092	Unspecified vulnerability in Cybelesoft Thinfinity Virtualui Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. network low complexity cybelesoft	7.5
2021-12-13	CVE-2021-44848	Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. network low complexity cybelesoft CWE-203	5.0
2020-06-04	CVE-2019-16385	Cross-site Scripting vulnerability in Cybelesoft Thinfinity Virtualui 2.0/2.5/2.5.17.2 Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. network cybelesoft CWE-79	4.3
2020-06-04	CVE-2019-16384	Path Traversal vulnerability in Cybelesoft Thinfinity Virtualui 2.0/2.5/2.5.17.2 Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. cybelesoft CWE-22	4.0
2017-10-06	CVE-2015-1429	Path Traversal vulnerability in Cybelesoft Thinfinity Remote Desktop Workstation 3.0.0.3 Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. network low complexity cybelesoft CWE-22	5.0

Vulnerabilities > Cybelesoft {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cybelesoft"}]}

Vulnerabilities > Cybelesoft