CVE-2013-3520 – VMware vCenter Chargeback Manager ImageUploadServlet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3520
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not properly handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Chargeback Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the ImageUploadServlet. This service exposes functionality containing a flaw that allows attackers to create files at arbitrary locations with attacker-controlled data.
• https://www.exploit-db.com/exploits/27046
• http://www.vmware.com/security/advisories/VMSA-2013-0008.html
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2012-1472
https://notcve.org/view.php?id=CVE-2012-1472
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors.
• http://www.vmware.com/security/advisories/VMSA-2012-0002.html
• CWE-20: Improper Input Validation