CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 1CVE-2018-1000881
https://notcve.org/view.php?id=CVE-2018-1000881
20 Dec 2018 — Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self-registered user. This vulnerability appears to have been fixed in 4.1 and later. Traccar Traccar Server, en versiones 4.0 y anteriores, contiene una vulnerabilidad CWE-94: control incorrecto de la generación de c... • https://appcheck-ng.com/advisory-remote-code-execution-traccar-server • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2011-0527
https://notcve.org/view.php?id=CVE-2011-0527
15 Aug 2011 — VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords. VMware vFabric tc Server (también conocido como SpringSource tc Server) v2.0.x anterior a v2.0.6.RELEASE y v2.1.x anterior a v2.1.2.RELEASE acepta passwords ofuscados durante la autenticación JMX, lo que hace más fácil par... • http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0122.html • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 6%CPEs: 34EXPL: 0CVE-2010-4294 – VMWare VMnc Codec Frame Decompression Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-4294
03 Dec 2010 — The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (hea... • http://lists.vmware.com/pipermail/security-announce/2010/000112.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2010-4295 – VMware Security Advisory 2010-0018
https://notcve.org/view.php?id=CVE-2010-4295
03 Dec 2010 — Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files. Condición de carrera en el proceso de montaje de vmware-mount en VMware Workstation 7.x anteriores a la 7.1.2 build 301548 en Linux, VMware Player 3.1.x anteriores a la 3.1.2 build... • http://lists.vmware.com/pipermail/security-announce/2010/000112.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2010-4296 – VMware Security Advisory 2010-0018
https://notcve.org/view.php?id=CVE-2010-4296
03 Dec 2010 — vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. vmware-mount en VMware Workstation 7.x anteriores a la 7.1.2 build 301548 en Linux, VMware Player 3.1.x anteriores a la 3.1.2 build 301548 en Linux, VMware Server 2.0.2 en Linux,... • http://lists.vmware.com/pipermail/security-announce/2010/000112.html • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 2%CPEs: 38EXPL: 2CVE-2010-4297 – VMware Tools - Update OS Command Injection
https://notcve.org/view.php?id=CVE-2010-4297
03 Dec 2010 — The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. La funci... • https://packetstorm.news/files/id/96508 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 1CVE-2010-3700 – Spring Security Security Constraint Bypass
https://notcve.org/view.php?id=CVE-2010-3700
28 Oct 2010 — VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. VMware SpringSource Spring Security v2.x anterior a v2.0.6 y v3.x anterior a v3.0.4, y Acegi Security v1.0.0 hasta v1.0.7, como el usado en IBM WebSphere Application Server (WAS) v6.1 y v7.0, permite a los atacantes remotos evitar las restricciones de segur... • https://packetstorm.news/files/id/95231 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 3CVE-2009-4811 – Gentoo Linux Security Advisory 201209-25
https://notcve.org/view.php?id=CVE-2009-4811
27 Apr 2010 — VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 30%CPEs: 8EXPL: 1CVE-2009-3732 – VMware Remote Console e.x.p build-158248 - Format String
https://notcve.org/view.php?id=CVE-2009-3732
10 Apr 2010 — Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de formato de cadena en vmware-vmrc.exe build 158248 en VMware Remote Console (también conocido como VMrc) permite a atacantes remotos jcutar codigo arbitrario a través de vectores inespecíficos. VMware Remote Console Plug-in can be installed from WEB interface of VMware vSphere. This software contains of ActiveX objects and... • https://www.exploit-db.com/exploits/12188 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.3EPSS: 17%CPEs: 14EXPL: 0CVE-2009-1564 – VMWare VMnc Codec HexTile Encoding Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-1564
10 Apr 2010 — Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding. Desbordamiento de búfer basado en pila en vmnc.dll en VMnc media codec en VMware Movie Decoder anterior a v6.5... • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •