CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2007-5397
https://notcve.org/view.php?id=CVE-2007-5397
Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size of the data. Desbordamiento de búfer basado en montículo en el servicio activePDF Server (también conocido como APServer.exe) en activePDF Server 3.8.4 y 3.8.5.14, y posiblemente versiones anteriores a 3.8.6.16, que permite a atacantes remotos ejecutar código de su elección a través de un paquete con un tamaño de campo que es menor que el tamaño de datos actual. • http://secunia.com/advisories/27371 http://secunia.com/secunia_research/2007-87/advisory http://www.securityfocus.com/bid/28013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2007-5618
https://notcve.org/view.php?id=CVE-2007-5618
Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs. Una ruta de búsqueda en Windows sin cerrar las comillas en el servicio Authorization y en otros servicios en el VMware Player 1.0.x anterior al 1.0.5 y el 2.0 anterior al 2.0.1, en el VMware Server anterior al 1.0.4; y en el Workstation 5.x anterior al 5.5.5 y el 6.x anterior al 6.0.1, puede permitir a usuarios locales obtener privilegios a través de programas maliciosos. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://lists.vmware.com/pipermail/security-announce/2008/000008.html http://secunia.com/advisories/26890 http://www.securityfocus.com/archive/1/489739/100/0/threaded http://www.securityfocus.com/bid/28276 http://www.securityfocus.com/bid/28289 http://www.vmware.com/security/advisories/VMSA-2008-0005.html http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html http://www.vmware.com/support/player&#x •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5619
https://notcve.org/view.php?id=CVE-2007-5619
Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges. Una vulnerabilidad no especificada en VMware Server versiones anteriores a 1.0.4 causa que las contraseñas de usuario se registren en texto sin cifrar en los registros del servidor, lo que podría permitir a usuarios locales alcanzar privilegios. • http://www.vmware.com/support/server/doc/releasenotes_server.html •
CVSS: 1.9EPSS: 0%CPEs: 52EXPL: 0CVE-2007-5438
https://notcve.org/view.php?id=CVE-2007-5438
Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function. Vulnerabilidad no especificada en un cierto control ActiveX en Reconfig.DLL en VMware Workstation 5.5.x anteriores al 5.5.8 build 108000, VMware Workstation versiones 6.0.x anteriores a 6.0.5 build 109488, VMware Player versiones 1.x anteriores a 1.0.8 build 108000, VMware Player versiones 2.x anteriores a 2.0.5 build 109488, VMware ACE versiones 1.x anteriores a 1.0.7 build 108880, VMware ACE versiones 2.x anteriores a 2.0.5 build 109488 y VMware Server versiones anteriores a 1.0.7 build 108231, podría permitir a usuarios locales una denegación de servicio al Virtual Disk Mount Service (vmount2.exe), relacionado con la función ConnectPopulatedDiskEx. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://osvdb.org/43488 http://secunia.com/advisories/31707 http://secunia.com/advisories/31708 http://secunia.com/advisories/31709 http://secunia.com/advisories/31710 http://securityreason.com/securityalert/3219 http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf http://www.securityfocus.com/archive/1/482021/100/0/threaded http://www.securityfocus.com/archive/1/495869/100/0/threaded http://www.secur • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 0CVE-2007-5023
https://notcve.org/view.php?id=CVE-2007-5023
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder. Una vulnerabilidad de ruta (path) de búsqueda de Windows sin comillas en EMC VMware Workstation versiones anteriores a 5.5.5 Build 56455 y versiones 6.x anteriores a 6.0.1 Build 55017, Player versiones anteriores a 1.0.5 Build 56455 y Player versiones 2 anteriores a 2.0.1 Build 55017, ACE versiones anteriores a 1.0.3 Build 54075 y Server versiones anteriores a 1.0.4 Build 56528, permite a usuarios locales alcanzar privilegios por medio de vectores de ataque no especificados, posiblemente involucrando a un archivo malicioso "program.exe" en la carpeta C:. • http://www.securityfocus.com/bid/25732 http://www.vmware.com/support/ace/doc/releasenotes_ace.html http://www.vmware.com/support/player/doc/releasenotes_player.html http://www.vmware.com/support/player2/doc/releasenotes_player2.html http://www.vmware.com/support/server/doc/releasenotes_server.html http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html • CWE-264: Permissions, Privileges, and Access Controls •