38 matches found
Design/Logic Flaw
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...
CVE-2021-45092
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...
CVE-2021-45092
CVE-2021-45092 affects Thinfinity VirtualUI prior to 3.0. Affected component: the /lab.html endpoint (reachable by default), where the vpath parameter can be used to inject an IFRAME. Under the described conditions, exploitation could lead to iframeing external sites, with potential impact depend...
Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Vulnerability
Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on: Microsoft Window...
Cybele Software Thinfinity VirtualUI 安全漏洞
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software that supports embedding remote Windows applications into standard Web applications, allowing two-way interaction with Javascript programming. A security vulnerability exists in Cybele Software Thinfinity VirtualUI versions...
Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration
Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Date: 13/12/2021 Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on:...
CVE-2021-44848
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...
CVE-2021-44848
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...
Cybele Software Thinfinity VirtualUI授权问题漏洞
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. A security vulnerability exists in Cybele Software Thinfinity VirtualUI, which...
Cybele Software Thinfinity VirtualUI Cross-Site Scripting Vulnerability
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software that supports embedding remote Windows applications into standard Web applications, allowing two-way interaction with Javascript programming. A cross-site scripting vulnerability exists in Cybele Software Thinfinity VirtualUI...
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...
CVE-2019-16384
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...
Cross site scripting
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...
Path traversal
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...
CVE-2019-16384
CVE-2019-16384 affects Cybele Software Thinfinity VirtualUI (version 2.5.17.2). The vulnerability is a path traversal flaw that allows accessing files outside the web directory if the attacker knows the exact location and has permissions. Root cause described as improper filtering of path element...
CVE-2019-16384
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...