
CVE-2016-5673
https://notcve.org/view.php?id=CVE-2016-5673
25 Aug 2016 — UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number. • http://www.kb.cert.org/vuls/id/735416 • CWE-284: Improper Access Control •

CVE-2010-5248
https://notcve.org/view.php?id=CVE-2010-5248
07 Sep 2012 — Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file. NOTE: some of these details are obtained from third party information. • http://secunia.com/advisories/41208 •

CVE-2009-0388 – TightVNC - Authentication Failure Integer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0388
04 Feb 2009 — Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp. • https://www.exploit-db.com/exploits/8024 • CWE-189: Numeric Errors •

CVE-2008-5001
https://notcve.org/view.php?id=CVE-2008-5001
10 Nov 2008 — Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610. • http://forum.ultravnc.info/viewtopic.php?p=45150#45150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2008-0610 – UltraVNC 1.0.2 Client - 'vncviewer.exe' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0610
06 Feb 2008 — Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value. • https://www.exploit-db.com/exploits/18666 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2006-2206
https://notcve.org/view.php?id=CVE-2006-2206
05 May 2006 — The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0057.html •

CVE-2006-1652 – UltraVNC 1.0.1 - Client Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-1652
06 Apr 2006 — Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint. • https://www.exploit-db.com/exploits/16490 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •