CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3107
https://notcve.org/view.php?id=CVE-2013-3107
01 May 2013 — VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. VMware vCenter Server v5.1 Update 1 antes, cuando el enlace LDAP anónimo para Active Directory está activado, permite a atacantes remotos evitar la autenticación proporcionando un nombre de usuario válido en combinación con una contraseña vacía. • http://www.vmware.com/security/advisories/VMSA-2013-0006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 1%CPEs: 32EXPL: 0CVE-2013-1659
https://notcve.org/view.php?id=CVE-2013-1659
22 Feb 2013 — VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream. VMware vCenter Server v4.0 anterior a Update 4b, v5.0 anterior a Update 2, y v5.1 anterior a 5.1.0b; VMware ESXi v3.5 a la v5.1; y VMware ES... • http://www.vmware.com/security/advisories/VMSA-2013-0003.html •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-6326
https://notcve.org/view.php?id=CVE-2012-6326
22 Feb 2013 — VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries. VMware vCenter Server v4.1 anterio a Update 3 and v5.0 anterior a Update 2, y vCSA v5.0 anterior a Update 2, permite a atacantes remotos causar una denegación de servicio (consumo de disco) mediante vectores que generan largas entradas en el log. • http://www.vmware.com/security/advisories/VMSA-2012-0018.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2013-1405
https://notcve.org/view.php?id=CVE-2013-1405
15 Feb 2013 — VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. VMware vCenter Server v4.0 anteriormente Update v4b y v4.1 anteriormente ... • http://www.vmware.com/security/advisories/VMSA-2013-0001.html • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6324
https://notcve.org/view.php?id=CVE-2012-6324
21 Dec 2012 — Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en in VMware vCenter Server Appliance (vCSA) v5.0 anteriores a Update 2 y v5.1 anteriores a Patch 1 permite que usuarios remotos autenticados accedan a ficheros de su elección mediante vectores de ataque no especificados • http://www.vmware.com/security/advisories/VMSA-2012-0018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6325
https://notcve.org/view.php?id=CVE-2012-6325
21 Dec 2012 — VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. VMware vCenter Server Appliance (vCSA) v5.0 anteriores a Update 2 no analiza correctamente la sintaxis de los documentos XML, permitiendo que usuarios remotos autenticados accedan a ficheros de su elección mediante vectores de ataque no especificados. • http://www.vmware.com/security/advisories/VMSA-2012-0018.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5050
https://notcve.org/view.php?id=CVE-2012-5050
05 Oct 2012 — Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el servidor en VMware vCenter Operations (también conocido como vCOps) anteriores a v5.0.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1513
https://notcve.org/view.php?id=CVE-2012-1513
16 Mar 2012 — The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document. La herramienta "Web Configuration" en VMWare vCenter Orchestrator (vCO) v4.0 anterior a Update v4, v4.1 anterior a Update v2, y v4.2 anterior a Update v1 situa la contraseña vCenter Server en un documento HTML, lo que p... • http://osvdb.org/80120 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1472
https://notcve.org/view.php?id=CVE-2012-1472
13 Mar 2012 — VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors. VMware vCenter Chargeback Manager (CBM) anteriores a 2.0.1 no maneja apropiadamente peticiones XML API, lo que permite a atacantes remotos leer archivos de su elección o provocar una denegación de servicio a través de vectores sin especificar. • http://www.vmware.com/security/advisories/VMSA-2012-0002.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 85%CPEs: 6EXPL: 2CVE-2011-4404 – VMware - Update Manager Directory Traversal
https://notcve.org/view.php?id=CVE-2011-4404
19 Nov 2011 — The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523. La configuración por defecto del servidor HTTP en Jetty en vSphere Update Manager bajo VMware vCenter Update Manager v4.0 antes de la actualización 4 y v4.1 antes de la actualización 2 permite realizar ataque... • https://packetstorm.news/files/id/180928 • CWE-16: Configuration •