CVSS: 8.5EPSS: 0%CPEs: 35EXPL: 0CVE-2010-1142
https://notcve.org/view.php?id=CVE-2010-1142
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk. VMware Tools en VMware Workstation v6.5.x anterior v6.5.4 build 246459; VMware Player v2.5.x anterior v2.5.4 build 246459; VMware ACE v2.5.x anterior v2.5.4 build 246459; VMware Server v2.x anterior v2.0.2 build 203138; VMware Fusion v2.x anterior v2.0.6 build 246742; VMware ESXi v3.5 y v4.0; y VMware ESX v2.5.5, v3.0.3, v3.5, y v4.0 no cargan adecuadamente los programas VMware, lo que puede permitir a usuarios de petición de sistemas operativos Windows obtener privilegios estableciendo un troyano en una dirección no especificada en el disco de petición OS. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/39198 http://secunia.com/advisories/39206 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt http://www.securityfocus.com/bid/39394 http://www.securitytracker.com/id?1023832 http://www& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0686
https://notcve.org/view.php?id=CVE-2010-0686
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability." WebAccess en VMware VirtualCenter 2.0.2 y 2.5, VMware Server 2.0 y VMware ESX 3.0.3 y 3.5 permite a atacantes remotos aprovechar la funcionalidad de servidor proxy para falsificar el origen de las solicitudes a través de vectores no especificados, relacionados con una "vulnerabilidad para redirigir una URL." • http://lists.vmware.com/pipermail/security-announce/2010/000086.html http://www.securityfocus.com/bid/39037 http://www.securitytracker.com/id?1023769 http://www.vmware.com/security/advisories/VMSA-2010-0005.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2010-1137
https://notcve.org/view.php?id=CVE-2010-1137
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebAccess in VMware VirtualCenter 2.0.2 y 2.5 y en VMware ESX 3.0.3 y 3.5 y en Server Console en VMware Server 1.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el nombre de una máquina virtual. • http://lists.vmware.com/pipermail/security-announce/2010/000086.html http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/bid/39037 http://www.securitytracker.com/id?1023769 http://www.vmware.com/security/advisories/VMSA-2010-0005.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2009-2277
https://notcve.org/view.php?id=CVE-2009-2277
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebAccess en VMware VirtualCenter 2.0.2 y 2.5 y VMware ESX 3.0.3 y 3.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con los "datos de contexto". • http://lists.vmware.com/pipermail/security-announce/2010/000086.html http://www.securityfocus.com/bid/39037 http://www.vmware.com/security/advisories/VMSA-2010-0005.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 95%CPEs: 18EXPL: 1CVE-2009-3733 – VMware Server 2.0.1 / ESXi Server 3.5 - Directory Traversal
https://notcve.org/view.php?id=CVE-2009-3733
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en VMware Server v1.x anteriores a v1.0.10 build 203137 y v2.x anteriores a v2.0.2 build 203138 en Linux, VMware ESXi v3.5 y VMware ESX v3.0.3 y v3.5 permite a atacantes remotos leer ficheros de su elección a través de vectores de ataque sin especificar. • https://www.exploit-db.com/exploits/33310 http://lists.vmware.com/pipermail/security-announce/2009/000069.html http://secunia.com/advisories/37186 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securitytracker.com/id?1023088 http://securitytracker.com/id?1023089 http://www.securityfocus.com/archive/1/507523/100/0/threaded http://www.securityfocus.com/bid/36842 http://www.vmware.com/security/advisories/VMSA-2009-0015.html http://www.vupen.com/english/advisories/2009&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •