Page 3 of 18 results (0.008 seconds)

CVSS: 7.9EPSS: 0%CPEs: 14EXPL: 0

Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder." Vulnerabilidad de ruta de búsqueda no confiable en VMware Workstation v8.x antes de v8.0.5 y VMware Player v4.x antes de v4.0.5 en Windows, permite a a los usuarios del sistema operativo anfitrión, ganar privilejos del sistema operativo anfitrión a través de una DLL caballo de troya en una "carpeta del sistema". • http://osvdb.org/87119 http://www.securityfocus.com/bid/56470 http://www.vmware.com/security/advisories/VMSA-2012-0015.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79923 •

CVSS: 9.3EPSS: 96%CPEs: 15EXPL: 2

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file. Vulnerabilidad de formato de cadena en VMware OVF Tool v2.1 en Windows, tal y como se utiliza en VMware Workstation v8x antes de v8.0.5, v4.x VMware Player antes de v4.0.5, y otros productos, permite ejecutar código de su elección a atacantes remotos asistidos por un usuario local a través de un archivo OVF debidamente modificado. • https://www.exploit-db.com/exploits/24461 https://www.exploit-db.com/exploits/24460 http://osvdb.org/87117 http://packetstormsecurity.com/files/120101/VMWare-OVF-Tools-Format-String.html http://secunia.com/advisories/51240 http://technet.microsoft.com/en-us/security/msvr/msvr13-002 http://www.vmware.com/security/advisories/VMSA-2012-0015.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79922 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 8.3EPSS: 0%CPEs: 14EXPL: 0

VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application. VMware Workstation v8.x antes de v8.0.5 y VMware Player v4.x antes de v4.0.5 en Windows utiliza permisos débiles para hilos de proceso no especificados, lo que permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host a través de una aplicación diseñada. • http://osvdb.org/87118 http://www.securityfocus.com/bid/56469 http://www.vmware.com/security/advisories/VMSA-2012-0015.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79924 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.9EPSS: 0%CPEs: 20EXPL: 1

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. Vulnerabilidad de path de búsqueda no confiable en VMware Tools en VMware Workstation anteriores a v8.0.4, VMware Player anteriores a v4.0.4, VMware Fusion anteriores a v4.1.2, VMware View anteriores a v5.1, y VMware ESX v4.1 anteriores a vU3 y v5.0 anteriores a vP03, permite a usuario locales obtener privilegios a través de un fichero tpfc.dll troyanizado en el directorio de trabajo actual. • https://www.exploit-db.com/exploits/37780 http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity •

CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0

VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device. VMware Workstation antes de v8.0.4 8.x, VMware Player antes de v4.0.4 4.x, VMware ESXi v3.5 a v5.0 y VMware ESX v3.5 a v4.1 permiten a atacantes remotos causar una denegación de servicio (caida del sistema operativo huesped) a través de tráfico de red de un dispositivo virtual remoto red espcíficamente modificado. • http://www.vmware.com/security/advisories/VMSA-2012-0011.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •