12 matches found
CVE-2019-16384
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...
EUVD-2019-7135
Malware in sbrugna...
PT-2024-28832 · Cybele · Thinfinity Workspace
Name of the Vulnerable Software and Affected Versions: Cybele Software Thinfinity Workspace versions prior to 7.0.2.113 Description: A full path disclosure issue allows attackers to obtain the root path of the application via unspecified vectors. This could potentially be exploited to gain...
Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration
Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Date: 13/12/2021 Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on:...
CVE-2019-16384
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...
Cross site scripting
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...
Path traversal
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...
CVE-2019-16384
CVE-2019-16384 affects Cybele Software Thinfinity VirtualUI (version 2.5.17.2). The vulnerability is a path traversal flaw that allows accessing files outside the web directory if the attacker knows the exact location and has permissions. Root cause described as improper filtering of path element...
CVE-2019-16384
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 is affected by CVE-2019-16385 due to an HTTP response splitting flaw via the mimetype parameter in a PDF viewer request, enabling a reflected XSS when a user loads a malicious PDF request (example.pdf?mimetype=...). Red Hat advisory RH:CVE-2019-16385 corrobora...