ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via ‘http://thin-vnc:8080/cmd?cmd=connect’ by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.
[
{
"product": "ThinVNC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0b1"
}
]
}
]