CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5024
https://notcve.org/view.php?id=CVE-2007-5024
EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620. EMC VMware Server versiones anteriores a 1.0.4 Build 56528 escribe contraseñas en texto en claro en ficheros de trazas no especificados, lo cual permite a usuarios locales obtener información confidencial al leer estos ficheros, vulnerabilidad distinta de CVE-2005-3620. • http://www.vmware.com/support/server/doc/releasenotes_server.html • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 83%CPEs: 5EXPL: 0CVE-2007-3618 – EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3618
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd." Desbordamiento de búfer basado en pila en el Servicio de Ejecución Remota NetWorker (nsrexecd.exe) en EMC Software NetWorker 7.x.x permite a atacantes remotos ejecutar código de su elección mediante (1) un sondeo o (2) una petición de terminación (kill) con un "subcmd inválido largo". These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Networker Remote Exec Service, nsrexecd.exe. The location of this service is available by querying the SUNRPC portmapper on TCP port 111 for service #0x5f3e1, version 1. • http://osvdb.org/39744 http://secunia.com/advisories/26517 http://securityreason.com/securityalert/3043 http://www.securityfocus.com/archive/1/477172/100/0/threaded http://www.securityfocus.com/bid/25375 http://www.securitytracker.com/id?1018590 http://www.vupen.com/english/advisories/2007/2931 http://www.zerodayinitiative.com/advisories/ZDI-07-049.html https://exchange.xforce.ibmcloud.com/vulnerabilities/36123 •
CVSS: 9.3EPSS: 30%CPEs: 1EXPL: 1CVE-2007-4155 – VMware Inc 6.0.0 - CreateProcess Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-4155
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method. Vulnerabilidad de salto de ruta absoluta en un determinado control ActiveX en vielib.dll de EMC VMware 6.0.0 permite a atacantes remotos ejecutar programas locales de su elección mediante un nombre de ruta absoluta en los dos primeros argumentos de los métodos (1) CreateProcess ó (2) CreateProcessEx • https://www.exploit-db.com/exploits/4245 http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://secunia.com/advisories/26890 http://www.securityfocus.com/bid/25131 http://www.securitytracker.com/id?1018511 http://www.vmware.com/support/ace/doc/releasenotes_ace.html http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html http://www.vmware.com/support/player/doc/releasenotes_player.html http://www.vmware.com/support/player2/doc/releasenotes_player2& •
CVSS: 4.3EPSS: 82%CPEs: 1EXPL: 1CVE-2007-4058 – VMware Inc 6.0.0 - 'vielib.dll 2.2.5.42958' Remode Code Execution
https://notcve.org/view.php?id=CVE-2007-4058
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method. Vulnerabilidad de salto de directorio absoluto en un determinado control ActiveX de viewlib.dll 2.2.5.42958 en EMC VMware 6.0.0 permite a atacantes remotos ejecutar programas locales de su elección mediante un nombre de ruta completo en el primer argumento del método StartProcess. • https://www.exploit-db.com/exploits/4244 http://www.securityfocus.com/bid/25118 https://exchange.xforce.ibmcloud.com/vulnerabilities/35673 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-7200
https://notcve.org/view.php?id=CVE-2006-7200
EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token. EMC RSA Security SiteKey emite vales de exención de desafío (challenge-bypass tokens) que persisten para siempre sin una interfaz de cancelación para los usuarios finales, lo cual facilita a los atacantes evitar una fase de la autenticación mediante el robo y reproducción de un vale. • http://www.cr-labs.com/publications/SiteKey-20060718.pdf http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf •