CVE-2008-1361
https://notcve.org/view.php?id=CVE-2008-1361
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362. VMware Workstation versiones 6.0.x anteriores a 6.0.3 y 5.5.x anteriores a 5.5.6, VMware Player versiones 2.0.x anteriores a 2.0.3 y 1.0.x anteriores a 1.0.6, VMware ACE versiones 2.0.x anteriores a 2.0.1 y 1.0.x anteriores a 1.0.5, y VMware Server versiones 1.0.x anteriores a 1.0.5 para Windows permite a usuarios locales conseguir privilegios mediante una manipulación no específica que causa que el proceso authd conecte con un nombre de tubería de su elección, siendo una vulnerabilidad diferente que CVE-2008-1362. • http://lists.vmware.com/pipermail/security-announce/2008/000008.html http://security.gentoo.org/glsa/glsa-201209-25.xml http://securityreason.com/securityalert/3755 http://securitytracker.com/id?1019621 http://www.securityfocus.com/archive/1/489739/100/0/threaded http://www.securityfocus.com/bid/28276 http://www.vmware.com/security/advisories/VMSA-2008-0005.html http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html http://www.vmware.com/support/player/doc/releasenotes_player • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-1362
https://notcve.org/view.php?id=CVE-2008-1362
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361. VMware Workstation versiones 6.0.x anteriores a 6.0.3 y versiones 5.5.x anteriores a 5.5.6, VMware Player versiones 2.0.x anteriores a 2.0.3 y versiones 1.0.x anteriores a 1.0.6, VMware ACE versiones 2.0.x anteriores a 2.0.1 y versiones 1.0.x anteriores a 1.0.5, y VMware Server versiones 1.0.x anteriores a 1.0.5 para Windows permite a usuarios locales conseguir privilegios o provocar una denegación de servicio utilizando la suplantación del proceso authd a través de un uso no especificado de una "tubería de nombres creada de forma no segura", siendo una vulnerabilidad diferente que CVE-2008-1361. • http://lists.vmware.com/pipermail/security-announce/2008/000008.html http://security.gentoo.org/glsa/glsa-201209-25.xml http://securityreason.com/securityalert/3755 http://securitytracker.com/id?1019621 http://www.securityfocus.com/archive/1/489739/100/0/threaded http://www.securityfocus.com/bid/28276 http://www.vmware.com/security/advisories/VMSA-2008-0005.html http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html http://www.vmware.com/support/player/doc/releasenotes_player • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-5397
https://notcve.org/view.php?id=CVE-2007-5397
Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size of the data. Desbordamiento de búfer basado en montículo en el servicio activePDF Server (también conocido como APServer.exe) en activePDF Server 3.8.4 y 3.8.5.14, y posiblemente versiones anteriores a 3.8.6.16, que permite a atacantes remotos ejecutar código de su elección a través de un paquete con un tamaño de campo que es menor que el tamaño de datos actual. • http://secunia.com/advisories/27371 http://secunia.com/secunia_research/2007-87/advisory http://www.securityfocus.com/bid/28013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5618
https://notcve.org/view.php?id=CVE-2007-5618
Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs. Una ruta de búsqueda en Windows sin cerrar las comillas en el servicio Authorization y en otros servicios en el VMware Player 1.0.x anterior al 1.0.5 y el 2.0 anterior al 2.0.1, en el VMware Server anterior al 1.0.4; y en el Workstation 5.x anterior al 5.5.5 y el 6.x anterior al 6.0.1, puede permitir a usuarios locales obtener privilegios a través de programas maliciosos. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://lists.vmware.com/pipermail/security-announce/2008/000008.html http://secunia.com/advisories/26890 http://www.securityfocus.com/archive/1/489739/100/0/threaded http://www.securityfocus.com/bid/28276 http://www.securityfocus.com/bid/28289 http://www.vmware.com/security/advisories/VMSA-2008-0005.html http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html http://www.vmware.com/support/player •
CVE-2007-5619
https://notcve.org/view.php?id=CVE-2007-5619
Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges. Una vulnerabilidad no especificada en VMware Server versiones anteriores a 1.0.4 causa que las contraseñas de usuario se registren en texto sin cifrar en los registros del servidor, lo que podría permitir a usuarios locales alcanzar privilegios. • http://www.vmware.com/support/server/doc/releasenotes_server.html •