CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 2CVE-2020-28901 – Nagios XI / Fusion Privilege Escalation / Cross Site Scripting / Code Execution
https://notcve.org/view.php?id=CVE-2020-28901
24 May 2021 — Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. Una Inyección de Comandos en Nagios Fusion versiones 4.1.8 y anteriores, permite la Escalada de Privilegios o una Ejecución de Código como root por medio de vectores relacionados con la instalación de componentes corruptos en el archivo cmd_subsys.php Skylight Cyber has identified a total of 13 vulnerabilities in Nagios XI and... • https://packetstorm.news/files/id/162783 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2020-28900 – Nagios XI / Fusion Privilege Escalation / Cross Site Scripting / Code Execution
https://notcve.org/view.php?id=CVE-2020-28900
24 May 2021 — Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. Una Comprobación Insuficiente de la Autenticidad de los Datos en Nagios Fusion versiones 4.1.8 y anteriores y Nagios XI versiones 5.7.5 y anteriores, permite la ampliación de privilegios o una ejecución de código como root por medio de vectores relacionados co... • https://packetstorm.news/files/id/162783 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 10%CPEs: 114EXPL: 0CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
18 Oct 2018 — Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This ... • http://www.securityfocus.com/bid/105703 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 0CVE-2018-12501
https://notcve.org/view.php?id=CVE-2018-12501
16 Jun 2018 — Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. Nagios Fusion en versiones anteriores a la 4.1.4 tiene Cross-Site Scripting (XSS). Esto también se conoce como TPS#13332-13335. • https://www.nagios.com/downloads/nagios-fusion/change-log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 1CVE-2012-1666 – ThinPrint - 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-1666
08 Sep 2012 — Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. Vulnerabilidad de path de búsqueda no confiable en VMware Tools en VMware Workstation anteriores a v8.0.4, VMware Player anteriores a v4.0.4, VMware Fusion anteriores a v4.1.2, VMware View an... • https://www.exploit-db.com/exploits/37780 •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2012-2083
https://notcve.org/view.php?id=CVE-2012-2083
31 Aug 2012 — Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función fusion_core_preprocess_page de fusion_core/template.php en el módulo Fusion anteriores a v6.x-1.13 para Drupal permite a atacantes remotos inyectar código web o HTML de su elección a travé... • http://drupal.org/node/1506600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 2%CPEs: 48EXPL: 0CVE-2012-3288
https://notcve.org/view.php?id=CVE-2012-3288
14 Jun 2012 — VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file. VMware Workstation v7.x antes de v7.1.6 y v8.x antes de v8.0.4, VMware Player v3.x antes de v3.1.6 y v4.x antes de v4.0.4, VMware Fusion... • http://www.vmware.com/security/advisories/VMSA-2012-0011.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 23%CPEs: 18EXPL: 0CVE-2011-3868
https://notcve.org/view.php?id=CVE-2011-3868
07 Oct 2011 — Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image. Desbordamiento de bufer en VMware Workstation 7.x anterior a v7.1.5, VMware Player v3.x anterior a v3.1.5, VMware Fusion v3.1.x anterior v3.1.3, y VMware AMS permite a atacantes remotos ejecutar código arbitrario mediante un systema de ficheros manipulado UDF en una imagen ISO • http://osvdb.org/76060 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 38EXPL: 1CVE-2010-4297 – VMware Tools - Update OS Command Injection
https://notcve.org/view.php?id=CVE-2010-4297
06 Dec 2010 — The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. La funci... • https://www.exploit-db.com/exploits/15717 • CWE-20: Improper Input Validation •
CVSS: 7.7EPSS: 0%CPEs: 28EXPL: 0CVE-2010-1138
https://notcve.org/view.php?id=CVE-2010-1138
12 Apr 2010 — The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •