37 matches found
EUVD-2021-31381
Malicious code in bioql PyPI...
CVE-2021-44554
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...
VulnCheck KEV: CVE-2021-45092
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...
Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Vulnerability
Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site to be iframed...
Thinfinity VirtualUI 2.5.41.0 IFRAME Injection
Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Date: 16/12/2021 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site t...
CVE-2021-46354
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increas...
CVE-2021-46354
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increas...
Information disclosure
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increas...
CVE-2021-46354
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increas...
CVE-2021-46354
CVE-2021-46354 affects Thinfinity VirtualUI versions 2.1.28.0, 2.1.32.1, and 2.5.26.2; fixed in 3.0. The vulnerability is an information disclosure caused by the Addr parameter in the cmd site, enabling the vulnerable server to send requests to external systems and potentially reveal the real IP ...
Cybele Software Thinfinity VirtualUI 信息泄露漏洞
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. Cybele Software Thinfinity VirtualUI suffers from an information disclosure...
CVE-2021-44554
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...
CVE-2021-44554
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...
Code injection
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...
CVE-2021-44554
CVE-2021-44554 affects Thinfinity VirtualUI prior to 3.0. The vulnerability allows an unauthenticated attacker to enumerate Windows OS usernames via the /changePassword URI, returning messages that reveal whether a username exists, with language variation based on VirtualUI configuration (example...
CVE-2021-44554
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...
Cybele Software Thinfinity VirtualUI 代码问题漏洞
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. A code issue vulnerability exists in Thinfinity VirtualUI because the product...
CVE-2021-45092
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...
CVE-2021-45092
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...
Design/Logic Flaw
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...