Lucene search
K

8 matches found

Packet Storm
Packet Storm
•added 2021/12/16 12:0 a.m.•374 views

Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration

Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Date: 13/12/2021 Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on:...

5.3CVSS5.8AI score0.23141EPSS
Exploits4
NVD
NVD
•added 2020/06/04 4:15 p.m.•19 views

CVE-2019-16384

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...

6.5CVSS6.5AI score0.01086EPSS
Exploits1References1
NVD
NVD
•added 2020/06/04 4:15 p.m.•13 views

CVE-2019-16385

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...

6.1CVSS6AI score0.008EPSS
Exploits1References1
Prion
Prion
•added 2020/06/04 4:15 p.m.•16 views

Path traversal

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...

4CVSS6.5AI score0.01086EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2020/06/04 4:15 p.m.•13 views

Cross site scripting

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...

4.3CVSS5.8AI score0.01086EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
•added 2020/06/04 3:30 p.m.•25 views

CVE-2019-16384

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...

6.5AI score0.01086EPSS
Exploits1References1
CVE
CVE
•added 2020/06/04 3:30 p.m.•61 views

CVE-2019-16384

CVE-2019-16384 affects Cybele Software Thinfinity VirtualUI (version 2.5.17.2). The vulnerability is a path traversal flaw that allows accessing files outside the web directory if the attacker knows the exact location and has permissions. Root cause described as improper filtering of path element...

6.5CVSS6.5AI score0.01086EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
•added 2020/06/04 3:29 p.m.•23 views

CVE-2019-16385

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...

6AI score0.01086EPSS
Exploits2References1
Rows per page
Query Builder