CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 1CVE-2018-1000881
https://notcve.org/view.php?id=CVE-2018-1000881
20 Dec 2018 — Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self-registered user. This vulnerability appears to have been fixed in 4.1 and later. Traccar Traccar Server, en versiones 4.0 y anteriores, contiene una vulnerabilidad CWE-94: control incorrecto de la generación de c... • https://appcheck-ng.com/advisory-remote-code-execution-traccar-server • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2011-0527
https://notcve.org/view.php?id=CVE-2011-0527
15 Aug 2011 — VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords. VMware vFabric tc Server (también conocido como SpringSource tc Server) v2.0.x anterior a v2.0.6.RELEASE y v2.1.x anterior a v2.1.2.RELEASE acepta passwords ofuscados durante la autenticación JMX, lo que hace más fácil par... • http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0122.html • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 4%CPEs: 34EXPL: 0CVE-2010-4294
https://notcve.org/view.php?id=CVE-2010-4294
06 Dec 2010 — The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (hea... • http://lists.vmware.com/pipermail/security-announce/2010/000112.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 38EXPL: 1CVE-2010-4297 – VMware Tools - Update OS Command Injection
https://notcve.org/view.php?id=CVE-2010-4297
06 Dec 2010 — The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. La funci... • https://www.exploit-db.com/exploits/15717 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 0CVE-2010-3700
https://notcve.org/view.php?id=CVE-2010-3700
29 Oct 2010 — VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. VMware SpringSource Spring Security v2.x anterior a v2.0.6 y v3.x anterior a v3.0.4, y Acegi Security v1.0.0 hasta v1.0.7, como el usado en IBM WebSphere Application Server (WAS) v6.1 y v7.0, permite a los atacantes remotos evitar las restricciones de segur... • http://osvdb.org/68931 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 3CVE-2009-4811
https://notcve.org/view.php?id=CVE-2009-4811
27 Apr 2010 — VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2010-1139
https://notcve.org/view.php?id=CVE-2010-1139
12 Apr 2010 — Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata. Vulnerabilidad de formato de cadena en vmrun en VMware VIX API v1.6.x, VMware Workstation v6.5.x antes de v6.5.4 build 246459, VMware Player v2.5.x antes de v2.5.4 build 246.459, y V... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.3EPSS: 17%CPEs: 14EXPL: 0CVE-2009-1564
https://notcve.org/view.php?id=CVE-2009-1564
12 Apr 2010 — Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding. Desbordamiento de búfer basado en pila en vmnc.dll en VMnc media codec en VMware Movie Decoder anterior a v6.5... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 16%CPEs: 14EXPL: 0CVE-2009-1565
https://notcve.org/view.php?id=CVE-2009-1565
12 Apr 2010 — vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors." vmnc.dll en el codec multimedia VMnc anteriores a v6.5.4 Build 246459... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 34%CPEs: 8EXPL: 1CVE-2009-3732 – VMware Remote Console e.x.p build-158248 - Format String
https://notcve.org/view.php?id=CVE-2009-3732
12 Apr 2010 — Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de formato de cadena en vmware-vmrc.exe build 158248 en VMware Remote Console (también conocido como VMrc) permite a atacantes remotos jcutar codigo arbitrario a través de vectores inespecíficos. • https://www.exploit-db.com/exploits/12188 • CWE-134: Use of Externally-Controlled Format String •