Filtered by vendor Cybelsoft
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-25226 | 1 Cybelsoft | 1 Thinvnc | 2024-11-21 | 10.0 Critical |
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server. | ||||
CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2024-11-21 | 9.8 Critical |
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. |
Page 1 of 1.