CVSS: 10.0EPSS: 91%CPEs: 8EXPL: 1CVE-2009-3732 – VMware Remote Console e.x.p build-158248 - Format String
https://notcve.org/view.php?id=CVE-2009-3732
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de formato de cadena en vmware-vmrc.exe build 158248 en VMware Remote Console (también conocido como VMrc) permite a atacantes remotos jcutar codigo arbitrario a través de vectores inespecíficos. • https://www.exploit-db.com/exploits/12188 http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/39110 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.vmware.com/security/advisories/VMSA-2010-0007.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-1193
https://notcve.org/view.php?id=CVE-2010-1193
Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebAccess en VMware Server 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con mensajes de error JSQN. • http://lists.vmware.com/pipermail/security-announce/2010/000086.html http://www.securityfocus.com/bid/39037 http://www.securitytracker.com/id?1023769 http://www.vmware.com/security/advisories/VMSA-2010-0005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0686
https://notcve.org/view.php?id=CVE-2010-0686
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability." WebAccess en VMware VirtualCenter 2.0.2 y 2.5, VMware Server 2.0 y VMware ESX 3.0.3 y 3.5 permite a atacantes remotos aprovechar la funcionalidad de servidor proxy para falsificar el origen de las solicitudes a través de vectores no especificados, relacionados con una "vulnerabilidad para redirigir una URL." • http://lists.vmware.com/pipermail/security-announce/2010/000086.html http://www.securityfocus.com/bid/39037 http://www.securitytracker.com/id?1023769 http://www.vmware.com/security/advisories/VMSA-2010-0005.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2010-1137
https://notcve.org/view.php?id=CVE-2010-1137
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebAccess in VMware VirtualCenter 2.0.2 y 2.5 y en VMware ESX 3.0.3 y 3.5 y en Server Console en VMware Server 1.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el nombre de una máquina virtual. • http://lists.vmware.com/pipermail/security-announce/2010/000086.html http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/bid/39037 http://www.securitytracker.com/id?1023769 http://www.vmware.com/security/advisories/VMSA-2010-0005.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0CVE-2009-3731
https://notcve.org/view.php?id=CVE-2009-3731
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebWorks Help v2.0 a la v5.0 en VMware vCenter v4.0 anterior a Update 1 Build 208156; VMware Server v2.0.2; VMware ESX v4.0; VMware Lab Manager v2.x; VMware vCenter Lab Manager v3.x y v4.x anterior a v4.0.1; VMware Stage Manager v1.x anterior a v4.0.1; WebWorks Publisher v6.x a la v8.x; WebWorks Publisher 2003; y WebWorks ePublisher v9.0.x a la v9.3, 2008.1 a la 2008.4, y 2009.x anterior a 2009.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) wwhelp_entry.html alcanzable a través d index.html y wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, o (5) el componente window.opener en wwhelp/wwhimpl/common/html/bookmark.htm, relacionado con (a) parámetros desconocidos y (b) mensajes usados en los enlaces de "topic" para la funcionalidad de marcadores. • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html http://lists.vmware.com/pipermail/security-announce/2009/000073.html http://secunia.com/advisories/38749 http://secunia.com/advisories/38842 http://securitytracker.com/id?1023683 http://www.osvdb.org/62738 http://www.osvdb.org/62739 http://www.osvdb.org/62740 http://www.osvdb.org/62741 http://www.osvdb.org/62742 http://www.securityfocus.com/archive/1/509883/100/0/threaded http://www.securityfocus. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •