CVE-2012-2083
https://notcve.org/view.php?id=CVE-2012-2083
Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función fusion_core_preprocess_page de fusion_core/template.php en el módulo Fusion anteriores a v6.x-1.13 para Drupal permite a atacantes remotos inyectar código web o HTML de su elección a través del parámetro q. • http://drupal.org/node/1506600 http://drupal.org/node/1507510 http://drupalcode.org/project/fusion.git/commit/f7cee3d http://osvdb.org/80680 http://secunia.com/advisories/48606 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52798 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-3288
https://notcve.org/view.php?id=CVE-2012-3288
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file. VMware Workstation v7.x antes de v7.1.6 y v8.x antes de v8.0.4, VMware Player v3.x antes de v3.1.6 y v4.x antes de v4.0.4, VMware Fusion v4.x antes de 4.1.3, VMware ESXi v3.5 a v5.0 y VMware ESX v3.5 a v4.1 permite ejecutar código de su elección en el sistema operativo anfitrión a atacantes remotos (con cierta ayuda de usuarios locales) o causar una denegación de servicio (por corrupción de memoria) en el sistema operativo anfitrión a través de un archivo Checkpoint modificado. • http://www.vmware.com/security/advisories/VMSA-2012-0011.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17178 • CWE-20: Improper Input Validation •
CVE-2011-3868
https://notcve.org/view.php?id=CVE-2011-3868
Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image. Desbordamiento de bufer en VMware Workstation 7.x anterior a v7.1.5, VMware Player v3.x anterior a v3.1.5, VMware Fusion v3.1.x anterior v3.1.3, y VMware AMS permite a atacantes remotos ejecutar código arbitrario mediante un systema de ficheros manipulado UDF en una imagen ISO • http://osvdb.org/76060 http://secunia.com/advisories/46241 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/archive/1/520005/100/0/threaded http://www.securityfocus.com/bid/49942 http://www.securitytracker.com/id?1026139 http://www.vmware.com/security/advisories/VMSA-2011-0011.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4297 – VMware Tools - Update OS Command Injection
https://notcve.org/view.php?id=CVE-2010-4297
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. La funcionalidad actualizar de VMware Tools en VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548; VMware Player 2.5.x anteriores a la 2.5.5 build 328052 y 3.1.x anteriores a la 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x anteriores a la 2.0.8 build 328035 y 3.1.x anteriores a la 3.1.2 build 332101; VMware ESXi 3.5, 4.0, y 4.1; y VMware ESX 3.0.3, 3.5, 4.0, y 4.1 permite a los usuarios del SO base escalar privilegios en el SO invitado a través de vectores sin especificar. Relacionado con inyecciones de comandos. • https://www.exploit-db.com/exploits/15717 http://lists.vmware.com/pipermail/security-announce/2010/000112.html http://osvdb.org/69590 http://secunia.com/advisories/42480 http://secunia.com/advisories/42482 http://www.securityfocus.com/archive/1/514995/100/0/threaded http://www.securityfocus.com/bid/45166 http://www.securitytracker.com/id?1024819 http://www.securitytracker.com/id?1024820 http://www.vmware.com/security/advisories/VMSA-2010-0018.html http://www.vupen.com/ • CWE-20: Improper Input Validation •
CVE-2010-1141
https://notcve.org/view.php?id=CVE-2010-1141
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share. VMware Tools en VMware Workstation v6.5.x before v6.5.4 build v246459; VMware Player v2.5.x anterior a v2.5.4 build 246459; VMware ACE v2.5.x anterior a v2.5.4 build 246459; VMware Server v2.x anterior a v2.0.2 build 203138; VMware Fusion v2.x anterior a v2.0.6 build 246742; VMware ESXi v3.5 y v4.0; y VMware ESX 2.5.5, 3.0.3, 3.5, y 4.0 no accede adecuadamente a las bibliotecas de acceso, lo cual permite a atacantes remotos ayudados por usuarios ejecutar código a su elección al engañar a un usuario en un cliente Windows OS a hacer clic en un archivo que se almacena en un recurso compartido de red. • http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://secunia.com/advisories/39198 http://secunia.com/advisories/39206 http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securitytracker.com/id?1023832 http://www.securitytracker.com/id?1023833 http://www.vmware.com/security/advisories/VMSA-2010-0007.html https://oval • CWE-264: Permissions, Privileges, and Access Controls •