CVSS: 10.0EPSS: 14%CPEs: 1EXPL: 2CVE-2020-28901 – Nagios XI / Fusion Privilege Escalation / Cross Site Scripting / Code Execution
https://notcve.org/view.php?id=CVE-2020-28901
24 May 2021 — Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. Una Inyección de Comandos en Nagios Fusion versiones 4.1.8 y anteriores, permite la Escalada de Privilegios o una Ejecución de Código como root por medio de vectores relacionados con la instalación de componentes corruptos en el archivo cmd_subsys.php Skylight Cyber has identified a total of 13 vulnerabilities in Nagios XI and... • https://packetstorm.news/files/id/162783 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 16%CPEs: 2EXPL: 2CVE-2020-28900 – Nagios XI / Fusion Privilege Escalation / Cross Site Scripting / Code Execution
https://notcve.org/view.php?id=CVE-2020-28900
24 May 2021 — Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. Una Comprobación Insuficiente de la Autenticidad de los Datos en Nagios Fusion versiones 4.1.8 y anteriores y Nagios XI versiones 5.7.5 y anteriores, permite la ampliación de privilegios o una ejecución de código como root por medio de vectores relacionados co... • https://packetstorm.news/files/id/162783 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12501
https://notcve.org/view.php?id=CVE-2018-12501
16 Jun 2018 — Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. Nagios Fusion en versiones anteriores a la 4.1.4 tiene Cross-Site Scripting (XSS). Esto también se conoce como TPS#13332-13335. • https://www.nagios.com/downloads/nagios-fusion/change-log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 1CVE-2012-1666 – ThinPrint - 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-1666
08 Sep 2012 — Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. Vulnerabilidad de path de búsqueda no confiable en VMware Tools en VMware Workstation anteriores a v8.0.4, VMware Player anteriores a v4.0.4, VMware Fusion anteriores a v4.1.2, VMware View an... • https://www.exploit-db.com/exploits/37780 •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2012-2083
https://notcve.org/view.php?id=CVE-2012-2083
31 Aug 2012 — Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función fusion_core_preprocess_page de fusion_core/template.php en el módulo Fusion anteriores a v6.x-1.13 para Drupal permite a atacantes remotos inyectar código web o HTML de su elección a travé... • http://drupal.org/node/1506600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 38EXPL: 1CVE-2010-4297 – VMware Tools - Update OS Command Injection
https://notcve.org/view.php?id=CVE-2010-4297
06 Dec 2010 — The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. La funci... • https://www.exploit-db.com/exploits/15717 • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 2%CPEs: 35EXPL: 0CVE-2010-1141
https://notcve.org/view.php?id=CVE-2010-1141
12 Apr 2010 — VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network sh... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 0CVE-2010-1142
https://notcve.org/view.php?id=CVE-2010-1142
12 Apr 2010 — VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk. VMware Tools ... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.7EPSS: 1%CPEs: 28EXPL: 0CVE-2010-1138
https://notcve.org/view.php?id=CVE-2010-1138
12 Apr 2010 — The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •