Published: 22/11/2023 Updated: 30/11/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

In mprivacy-tools prior to 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem.

Vulnerable Product	Search on Vulmon	Subscribe to Product
m-privacy mprivacy-tools
m-privacy tightgatevnc

m-privacy TightGate-Pro suffers from code execution, insecure permissions, deletion mitigation, and outdated server vulnerabilities ...

CWE-22 https://sec-consult.com/en/vulnerability-lab/advisories/index.html https://www.m-privacy.de/en/tightgate-pro-safe-surfing/https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/http://seclists.org/fulldisclosure/2023/Nov/13 http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html https://nvd.nist.gov https://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-47251

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect