cve/CVE-2006-2369.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

Description

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

POC

Reference

http://seclists.org/fulldisclosure/2022/May/29
http://securityreason.com/securityalert/8355
http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml
http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html

Github

https://github.com/RootUp/AutoSploit
https://github.com/hackerhouse-opensource/exploits
https://github.com/krishpranav/autosploit

1.1 KiB Raw Blame History

CVE-2006-2369

Description

POC

Reference

Github

1.1 KiB

Raw Blame History