CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5248
https://notcve.org/view.php?id=CVE-2010-5248
Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de path de búsqueda no confiable en UltraVNC v1.0.8.2, permite a usuario locales obtener privilegios a través de un fichero vnclang.dll troyanizado en el directorio de trabajo actual, como se demostró mediante un directorio que contenía un fichero .vnc. NOTA: La procedencia de esta información es desconocida. Algunos de estos detalles se han obtenido de terceros. • http://secunia.com/advisories/41208 http://web.archive.org/web/20100924002712/http://www.uvnc.com/download •
CVSS: 10.0EPSS: 89%CPEs: 3EXPL: 4CVE-2009-0388 – TightVNC - Authentication Failure Integer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0388
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp. Errores múltiples de signo de entero en (1) UltraVNC v1.0.2 y v1.0.5 y (2) TightVnc v1.3.9 permiten a atacantes remotos provocar una denegación de servicio (corrupción de la cabecera y caída de la aplicación) o posiblemente ejecutar codigo de su elección mediante un valor de gran longitud en un mensaje, en relación con las funciones (a) ClientConnection::CheckBufferSize y (b) ClientConnection::CheckFileZipBufferSize en ClientConnection.cpp. • https://www.exploit-db.com/exploits/8024 https://www.exploit-db.com/exploits/7990 http://forum.ultravnc.info/viewtopic.php?t=14654 http://secunia.com/advisories/33807 http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564 http://www.coresecurity.com/content/vnc-integer-overflows http://www.securityfocus.com/archive/1/500632/100/0/threaded http://www.securityfocus.com/bid/33568 http://www.vupen.com/english/advisories/2009/0321 http://www.vupen.com/ • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 0CVE-2008-5001
https://notcve.org/view.php?id=CVE-2008-5001
Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610. Múltiples desbordamientos basados en pila en múltiples funciones en vncviewer/FileTransfer.cpp en vncviewer para UltraVNC v1.0.2 y v1.0.4 versiones anteriores a v01252008, cuando en modo ESCUCHA o cuando utilizan el extensión (plugin) DSM, permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de vectores no especificados, una cuestión diferente a CVE-2008-0610. • http://forum.ultravnc.info/viewtopic.php?p=45150#45150 http://secunia.com/advisories/28804 http://sourceforge.net/project/shownotes.php?release_id=571174&group_id=63887 http://ultravnc.svn.sourceforge.net/viewvc/ultravnc/UltraVNC%20Project%20Root/UltraVNC/vncviewer/FileTransfer.cpp?view=log#rev183 http://www.securityfocus.com/bid/27687 http://www.vupen.com/english/advisories/2008/0486 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 29%CPEs: 5EXPL: 3CVE-2008-0610 – UltraVNC 1.0.2 Client - 'vncviewer.exe' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0610
Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value. Desbordamiento de búfer basado en pila en la función ClientConnection::NegotiateProtocolVersion en vncviewer/ClientConnection.cpp de vncviewer para UltraVNC 1.0.2 y 1.0.4 antes de 01252008. Cuando se está en modo ESCUCHA (LISTENING) o cuando se utiliza el plugin DSM, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída) a través de un valor de tamaño modificado. • https://www.exploit-db.com/exploits/18666 http://forum.ultravnc.info/viewtopic.php?t=11850 http://secunia.com/advisories/28747 http://sourceforge.net/project/shownotes.php?release_id=571174&group_id=63887 http://ultravnc.svn.sourceforge.net/viewvc/ultravnc/UltraVNC%20Project%20Root/UltraVNC/vncviewer/ClientConnection.cpp?sortby=date&r1=169&r2=168&pathrev=169 http://www.exploit-db.com/exploits/18666 http://www.kb.cert.org/vuls/id/721460 http://www.securityfocus.com/bid/27561 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2006-2206
https://notcve.org/view.php?id=CVE-2006-2206
The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0057.html http://www.securityfocus.com/bid/17824 https://exchange.xforce.ibmcloud.com/vulnerabilities/26283 •