CVE-2012-6325
https://notcve.org/view.php?id=CVE-2012-6325
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
• http://www.vmware.com/security/advisories/VMSA-2012-0018.html
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-5050
https://notcve.org/view.php?id=CVE-2012-5050
Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html
• http://osvdb.org/85959
• http://secunia.com/advisories/50795
• http://www.securitytracker.com/id?1027612
• http://www.vmware.com/security/advisories/VMSA-2012-0014.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79044
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-1513
https://notcve.org/view.php?id=CVE-2012-1513
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.
• http://osvdb.org/80120
• http://secunia.com/advisories/48408
• http://www.securityfocus.com/bid/52525
• http://www.securitytracker.com/id?1026816
• http://www.vmware.com/security/advisories/VMSA-2012-0005.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74091
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-1472
https://notcve.org/view.php?id=CVE-2012-1472
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors.
• http://www.vmware.com/security/advisories/VMSA-2012-0002.html
• CWE-20: Improper Input Validation
CVE-2011-4404 – VMware - Update Manager Directory Traversal
https://notcve.org/view.php?id=CVE-2011-4404
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523. VMware Update Manager versions 4.1 prior to update 2 suffer from a directory traversal vulnerability.
• https://www.exploit-db.com/exploits/18138
• http://jetty.codehaus.org/jetty/jetty-6/xref/org/mortbay/jetty/handler/ResourceHandler.html
• http://jetty.codehaus.org/jetty/jetty-6/xref/org/mortbay/jetty/servlet/DefaultServlet.html
• http://www.securitytracker.com/id?1026341
• http://www.vmware.com/security/advisories/VMSA-2011-0014.html
• https://www.vmware.com/security/advisories/VMSA-2011-0014.html
• http://dsecrg.com/pages/vul/show.php?id=342
• CWE-16: Configuration