30 matches found
EUVD-2001-1402
Malware in sbrugna...
EUVD-2000-1149
Malware in sbrugna...
SUSE CVE-2001-0168
Buffer overflow in AT&T WinVNC Virtual Network Computing server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0...
Use after free
UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation LPE on a vulnerable system. The vulnerability has been fixed to...
CVE-2022-24750 Low privilege user is able to exploit the service and gain SYSTEM privileges in UltraVNC server
UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation LPE on a vulnerable system. The vulnerability has been fixed to...
CVE-2001-1594
GE Healthcare eNTEGRA P&R has a password of 1 entegra for the entegra user, 2 passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, 3 0 for the entegra user of the Codonics printer FTP service, 4 eNTEGRA for the eNTEGRA P&R user account, 5 insite for the WinVNC Login, and...
WinVNC Web Server <= 3.3.3r7 - GET Overflow
No description provided by source. $Id: winvnchttpget.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
WinVNC Web Server 3.3.3r7 - GET Overflow (Metasploit)
$Id: winvnchttpget.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
WinVNC Web Server <= v3.3.3r7 GET Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'WinVNC Web...
WinVNC Web Server GET Overflow
This module exploits a buffer overflow in the AT WinVNC version 'WinVNC Web Server GET Overflow', 'Description' = %q This module exploits a buffer overflow in the AT&T WinVNC version 'aushack', 'License' = MSFLICENSE, 'References' = 'BID', '2306' , 'OSVDB', '6280' , 'CVE', '2001-0168' , ,...
RealVNC / WinVNC terminalservice information leak
Before authentication client receives information about operation system and platform...
[Full-disclosure] RealVNC/WinVNC Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Two simple vulnerabilities wich may lead to an os guess + null session + several others infos while scanning port 5900, low risk on paper but high online risk: My 2cent suggestion to the realvnc team would be to totally remove this "No Authentication"...
CVE-2001-1422
The CVE-2001-1422 entry concerns WinVNC 3.3.3 and earlier, where generating the same challenge string for multiple connections allows remote attackers to bypass VNC authentication by sniffing the challenge/response of other users. Affected software: WinVNC versions up to 3.3.3 (and earlier). Unde...
CVE-2001-1422
WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users...
AT&T WinVNC server contains buffer overflow in Log.cpp
Overview A buffer overflow in the WinVNC server on Windows systems can allow an intruder to gain control of the VNC server and execute arbitrary code with the privileges of the user running the server. Description AT&T WinVNC is a free software package available from AT&T Labs Cambridge that allo...
AT&T WinVNC client authentication process vulnerable to man-in-the-middle attack
Overview WinVNC's challenge/response mechanism can allow an intruder to obtain legitimate credentials from a valid client in order to gain unauthorized access to the server. Description AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be...
AT&T WinVNC allows user access to passwords and configuration via weak registry permissions
Overview The default installation of WinVNC on certain Microsoft Windows systems permits unauthenticated access to the WinVNC service. Description AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be available on the desktop of a remote...
CVE-2000-1164
The CVE-2000-1164 issue affects WinVNC, specifically the WinVNC3 registry key HKLM\Software\ORL\WinVNC3. The root cause is weak permissions that grant read/modify access to the Everybody group (and in some contexts to non-admin users), allowing extraction or alteration of the VNC password and oth...
CVE-2000-1164
WinVNC installs the WinVNC3 registry key with permissions that give Special Access read and modify to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system...
CVE-2001-0167
Buffer overflow in AT&T WinVNC Virtual Network Computing client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string...