Vulmon
cybelesoft vulnerabilities and exploits
7.5
CVSSv3
CVE-2021-46354
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2 (fixed in version 3.0) is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP o...
Cybelesoft Thinfinity Virtualui 2.1.28.0
Cybelesoft Thinfinity Virtualui 2.1.32.1
Cybelesoft Thinfinity Virtualui 2.5.26.2
5.3
CVSSv3
CVE-2021-44554
Thinfinity VirtualUI prior to 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different l...
Cybelesoft Thinfinity Virtualui
9.8
CVSSv3
CVE-2021-45092
Thinfinity VirtualUI prior to 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.
Cybelesoft Thinfinity Virtualui
1 Github repository
6.1
CVSSv3
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. Thi...
Cybelesoft Thinfinity Virtualui
5.3
CVSSv3
CVE-2021-44848
In Cybele Thinfinity VirtualUI prior to 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.
Cybelesoft Thinfinity Virtualui
1 Github repository
6.5
CVSSv3
CVE-2019-16384
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.
Cybelesoft Thinfinity Virtualui
8.8
CVSSv3
CVE-2022-25227
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browsing a malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE.
Cybelesoft Thinfinity Vnc 4.0.0.1
7.5
CVSSv3
CVE-2015-1429
Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote malicious users to download arbitrary files via a .. (dot dot) in an unspecified parameter.
Cybelesoft Thinfinity Remote Desktop Workstation 3.0.0.3