Vulnerabilities > Ultravnc

DATE CVE VULNERABILITY TITLE RISK
2016-08-25 CVE-2016-5673 Improper Access Control vulnerability in Ultravnc Repeater 1201
UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number.
network
low complexity
ultravnc CWE-284
5.0
2012-09-07 CVE-2010-5248 Unspecified vulnerability in Ultravnc 1.0.8.2
Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file.
local
ultravnc
6.9
2009-02-04 CVE-2009-0388 Numeric Errors vulnerability in multiple products
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
network
low complexity
tightvnc ultravnc CWE-189
critical
10.0
2008-11-10 CVE-2008-5001 Buffer Errors vulnerability in Ultravnc 1.0.2/1.0.4
Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610.
network
ultravnc CWE-119
critical
9.3
2008-02-06 CVE-2008-0610 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ultravnc
Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.
network
ultravnc CWE-119
critical
9.3
2006-05-05 CVE-2006-2206 Authentication vulnerability in Ultravnc 1.0.1
The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.
network
low complexity
ultravnc
critical
10.0
2006-04-06 CVE-2006-1652 Buffer Errors vulnerability in Ultravnc Tabbed Viewer and VNC Viewer
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.
network
low complexity
ultravnc CWE-119
critical
9.0