Page 5 of 31 results (0.005 seconds)

CVSS: 10.0EPSS: 97%CPEs: 4EXPL: 2

CVE-2015-2342 – VMware vCenter Server JMX RMI Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-2342

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol. El servicio JMX RMI en Vmware vCenter Server 5.0 en versiones anteriores a u3e, 5.1 en versiones anteriores a u3b, 5.5 en versiones anteriores a u3 y 6.0 en versiones anterioes a u1 no restringe el registro de Mbeans, lo que permite a atacantes remotos ejecutar código arbitrario a través del protocolo RMI. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the configuration of the JMX remote interface. This interface allows a remote attacker to register attacker-controlled mbeans. • https://www.exploit-db.com/exploits/36101 http://seclists.org/fulldisclosure/2015/Oct/1 http://www.securityfocus.com/bid/76930 http://www.securitytracker.com/id/1033720 http://www.vmware.com/security/advisories/VMSA-2015-0007.html http://www.zerodayinitiative.com/advisories/ZDI-15-455 https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution https://docs.oracle.com/javase/8/docs/technotes/guides/jmx/JMX_1_4_specification.pdf https: •

CVSS: 5.8EPSS: 0%CPEs: 12EXPL: 0

CVE-2015-6932

https://notcve.org/view.php?id=CVE-2015-6932

VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Vulnerabilidad en VMware vCenter Server 5.5 en versiones anteriores a u3 y 6.0 en versiones anteriores a u1, no verifica los certificados X.509 de los servidores TLS LDAP, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.securitytracker.com/id/1033582 http://www.vmware.com/security/advisories/VMSA-2015-0006.html • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 0

CVE-2014-4241

https://notcve.org/view.php?id=CVE-2014-4241

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0 y 10.3.6.0 permite a atacantes remotos afectar la integridad a través de vectores relacionados con WLS - Web Services. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68649 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94559 •

CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2013-5971

https://notcve.org/view.php?id=CVE-2013-5971

Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. Vulnerabilidad de fijación de sesión en el vSphere Web Client Server de VMware vCenter Server 5.0 anterior a Update 3 permite a atacantes remotos secuestrar sesiones web y obtener privilegios a través de vectores sin especificar. • http://osvdb.org/98718 http://www.securityfocus.com/bid/63218 http://www.vmware.com/security/advisories/VMSA-2013-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/88134 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2012-6326

https://notcve.org/view.php?id=CVE-2012-6326

VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries. VMware vCenter Server v4.1 anterio a Update 3 and v5.0 anterior a Update 2, y vCSA v5.0 anterior a Update 2, permite a atacantes remotos causar una denegación de servicio (consumo de disco) mediante vectores que generan largas entradas en el log. • http://www.vmware.com/security/advisories/VMSA-2012-0018.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •