Page 2 of 11 results (0.010 seconds)

CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con SRINFOSC. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.debian.org/security/2014/dsa-2985 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http:&# •

CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0

Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. Ruby vSphere Console (RVC) en VMware vCenter Server Appliance permite a usuarios remotos autenticados ejecutar comandos arbitrarios como root mediante la evasión de una jaula chroot. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of the Ruby vSphere Console (RVC) provided by the vCenter Server Appliance. Commands can be run in a privileged context allowing an attacker to break-out of a chroot jail. • http://secunia.com/advisories/58823 http://www.securityfocus.com/bid/67756 http://www.securitytracker.com/id/1030436 http://zerodayinitiative.com/advisories/ZDI-14-159 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access. VMware vCenter Server Appliance (vcsa) v5.1 antes Update 1 permite a los usuarios remotos autenticados crear o sobreescribir archivos arbitrarios, y por lo tanto ejecutar código arbitrario o causar una denegación de servicio, aprovechando la interfaz de administración de dispositivo virtual (VAMI) Acceso a la interfaz web. • http://www.vmware.com/security/advisories/VMSA-2013-0006.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access. VMware vCenter Server Appliance (vcsa) v5.1 antes Update 1 permite a los usuarios remotos autenticados ejecutar programas arbitrarios con privilegios de root mediante el aprovechamiento de la interfaz de administración Virtual Appliance (VAMI) de acceso. • http://www.vmware.com/security/advisories/VMSA-2013-0006.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.6EPSS: 0%CPEs: 32EXPL: 0

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream. VMware vCenter Server v4.0 anterior a Update 4b, v5.0 anterior a Update 2, y v5.1 anterior a 5.1.0b; VMware ESXi v3.5 a la v5.1; y VMware ESX v3.5 a la v4.1, no implementan adecuadamente el protocolo Network File Copy (NFC), lo que permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) mediante la modificación de los datos en el flujo client-server. • http://www.vmware.com/security/advisories/VMSA-2013-0003.html •