7 matches found

Prion
added 2022/04/18 5:15 p.m. | 16 views

Authentication flaw

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the serve...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.81886
Exploits: 2 | References: 1 | Affected Software: 1
Cvelist
added 2022/04/18 4:20 p.m. | 17 views

CVE-2022-25226

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the serve...

AI score: 10 | EPSS: 0.81886
Exploits: 2 | References: 1
Cvelist
added 2019/10/16 5:24 p.m. | 15 views

CVE-2019-17662

ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a...

AI score: 9.5 | EPSS: 0.94097
Exploits: 11 | References: 4
CVE
added 2019/10/16 5:24 p.m. | 136 views

CVE-2019-17662

ThinVNC 1.0b1 is vulnerable to an arbitrary file read via a ../../ThinVnc.ini directory traversal, allowing an attacker to read the password file and bypass authentication even when authentication is enabled. The root cause is a directory traversal flaw that exposes the authentication file in cle...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.94097
Exploits: 11 | References: 4 | Affected Software: 1
NVD
added 2015/02/03 4:59 p.m. | 13 views

CVE-2014-9559

Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00318
Exploits: 1 | References: 2
Packet Storm
added 2015/01/31 12:0 a.m. | 38 views

SnipSnap 0.5.2a / 1.0b1 / 1.0b2 Cross Site Scripting

CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities
Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS
Product: SnipSnap
Vulnerable Versions: 0.5.2a 1.0b1 1.0b2
Tested Version: 0.5.2a 1.0b1 1.0b2
Advisory Publication: Jan 30, 2015
Latest Update: Jan 30, 2015...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00318
Exploits: 1
Tenable Nessus
added 2004/09/15 12:0 a.m. | 12 views

SnipSnap < 1.0b1 POST Request HTTP Response Splitting

Binary data 2289.prm...

CVSS: 5 | AI score: 7.3 | EPSS: 0.07746
Exploits: 1 | References: 1