Lucene search
K

45 matches found

NVD
NVD
added 2021/12/16 4:15 a.m.22 views

CVE-2021-45092

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...

9.8CVSS0.39973EPSS
Exploits3References2
Prion
Prion
added 2021/12/16 4:15 a.m.16 views

Design/Logic Flaw

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...

7.5CVSS9.5AI score0.39973EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2021/12/16 3:7 a.m.78 views

CVE-2021-45092

CVE-2021-45092 affects Thinfinity VirtualUI prior to 3.0. Affected component: the /lab.html endpoint (reachable by default), where the vpath parameter can be used to inject an IFRAME. Under the described conditions, exploitation could lead to iframeing external sites, with potential impact depend...

9.8CVSS9.5AI score0.39973EPSS
In wildExploits3References2Affected Software1
Cvelist
Cvelist
added 2021/12/16 3:7 a.m.39 views

CVE-2021-45092

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...

9.8AI score0.39973EPSS
Exploits3References2
0day.today
0day.today
added 2021/12/16 12:0 a.m.169 views

Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Vulnerability

Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on: Microsoft Window...

5.3CVSS5.8AI score0.23141EPSS
Exploits4
CNNVD
CNNVD
added 2021/12/16 12:0 a.m.6 views

Cybele Software Thinfinity VirtualUI 安全漏洞

Cybele Software Thinfinity VirtualUI is a solution from Cybele Software that supports embedding remote Windows applications into standard Web applications, allowing two-way interaction with Javascript programming. A security vulnerability exists in Cybele Software Thinfinity VirtualUI versions...

9.8CVSS8.4AI score0.39973EPSS
Exploits3References5
Packet Storm
Packet Storm
added 2021/12/16 12:0 a.m.376 views

Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration

Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Date: 13/12/2021 Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on:...

5.3CVSS5.8AI score0.23141EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/12/16 12:0 a.m.330 views

Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration

Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Date: 13/12/2021 Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on:...

5.3CVSS5.8AI score0.23141EPSS
Exploits4
NVD
NVD
added 2021/12/13 2:15 a.m.16 views

CVE-2021-44848

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...

5.3CVSS0.23141EPSS
Exploits4References2
OSV
OSV
added 2021/12/13 2:15 a.m.3 views

CVE-2021-44848

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...

5.3CVSS6.1AI score0.23141EPSS
Exploits4References2
Prion
Prion
added 2021/12/13 2:15 a.m.13 views

Authentication flaw

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...

5CVSS5.8AI score0.23141EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2021/12/13 1:8 a.m.20 views

CVE-2021-44848

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...

6.2AI score0.23141EPSS
Exploits4References2
CVE
CVE
added 2021/12/13 1:8 a.m.76 views

CVE-2021-44848

Thinfinity VirtualUI (before 3.0) has a user-enumeration flaw in /changePassword: responses differ based on whether the username exists, enabling an attacker to determine valid usernames (e.g., Administrator, Guest). This credential disclosure stems from the authentication response behavior and i...

5.3CVSS5.7AI score0.23141EPSS
Exploits4References2Affected Software1
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.9 views

Cybele Software Thinfinity VirtualUI授权问题漏洞

Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. A security vulnerability exists in Cybele Software Thinfinity VirtualUI, which...

5.3CVSS5.8AI score0.23141EPSS
Exploits4References5
CNVD
CNVD
added 2020/06/05 12:0 a.m.4 views

Cybele Software Thinfinity VirtualUI Cross-Site Scripting Vulnerability

Cybele Software Thinfinity VirtualUI is a solution from Cybele Software that supports embedding remote Windows applications into standard Web applications, allowing two-way interaction with Javascript programming. A cross-site scripting vulnerability exists in Cybele Software Thinfinity VirtualUI...

6.1CVSS6.4AI score0.008EPSS
Exploits2References1
CNVD
CNVD
added 2020/06/05 12:0 a.m.2 views

Cybele Software Thinfinity VirtualUI Path Traversal Vulnerability

Cybele Software Thinfinity VirtualUI is a solution from Cybele Software that supports embedding remote Windows applications into standard Web applications, allowing two-way interaction with Javascript programming. A path traversal vulnerability exists in Cybele Software Thinfinity VirtualUI versi...

6.5CVSS6.9AI score0.01086EPSS
Exploits1References1
NVD
NVD
added 2020/06/04 4:15 p.m.19 views

CVE-2019-16384

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...

6.5CVSS6.5AI score0.01086EPSS
Exploits1References1
OSV
OSV
added 2020/06/04 4:15 p.m.4 views

CVE-2019-16385

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...

6.1CVSS6.5AI score0.01086EPSS
Exploits2References1
NVD
NVD
added 2020/06/04 4:15 p.m.13 views

CVE-2019-16385

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...

6.1CVSS6AI score0.01086EPSS
Exploits2References1
Prion
Prion
added 2020/06/04 4:15 p.m.18 views

Path traversal

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions...

4CVSS6.5AI score0.01086EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder