CVE-2010-0686
https://notcve.org/view.php?id=CVE-2010-0686
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability." WebAccess en VMware VirtualCenter 2.0.2 y 2.5, VMware Server 2.0 y VMware ESX 3.0.3 y 3.5 permite a atacantes remotos aprovechar la funcionalidad de servidor proxy para falsificar el origen de las solicitudes a través de vectores no especificados, relacionados con una "vulnerabilidad para redirigir una URL." • http://lists.vmware.com/pipermail/security-announce/2010/000086.html http://www.securityfocus.com/bid/39037 http://www.securitytracker.com/id?1023769 http://www.vmware.com/security/advisories/VMSA-2010-0005.html • CWE-20: Improper Input Validation •
CVE-2010-1137
https://notcve.org/view.php?id=CVE-2010-1137
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebAccess in VMware VirtualCenter 2.0.2 y 2.5 y en VMware ESX 3.0.3 y 3.5 y en Server Console en VMware Server 1.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el nombre de una máquina virtual. • http://lists.vmware.com/pipermail/security-announce/2010/000086.html http://security.gentoo.org/glsa/glsa-201209-25.xml http://www.securityfocus.com/bid/39037 http://www.securitytracker.com/id?1023769 http://www.vmware.com/security/advisories/VMSA-2010-0005.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-2277
https://notcve.org/view.php?id=CVE-2009-2277
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebAccess en VMware VirtualCenter 2.0.2 y 2.5 y VMware ESX 3.0.3 y 3.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con los "datos de contexto". • http://lists.vmware.com/pipermail/security-announce/2010/000086.html http://www.securityfocus.com/bid/39037 http://www.vmware.com/security/advisories/VMSA-2010-0005.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-2100
https://notcve.org/view.php?id=CVE-2008-2100
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. Múltiples desbordamientos de buffer en VIX API 1.1.x anteriores a 1.1.4 build 93057 en VMware Workstation 5.x y 6.x, VMware Player 1.x y 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, y VMware ESX 3.0.1 hasta la 3.5, permite a los usuarios del sistema huésped, ejecutar código arbitrario en el sistema anfitrión a través de vectores no específicos. • http://secunia.com/advisories/30556 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securityreason.com/securityalert/3922 http://securitytracker.com/id?1020200 http://www.securityfocus.com/archive/1/493080/100/0/threaded http://www.securityfocus.com/bid/29552 http://www.vmware.com/security/advisories/VMSA-2008-0009.html http://www.vupen.com/english/advisories/2008/1744 https://exchange.xforce.ibmcloud.com/vulnerabilities/42872 https://oval.cisecurity.org/repository/search/de • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0967
https://notcve.org/view.php?id=CVE-2008-0967
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. Vulnerabilidad de ruta de búsqueda no confiable en vmware-authd en VMware Workstation versión 5.x anterior a 5.5.7 build 91707 y versión 6.x anterior a 6.0.4 build 93057, VMware Player versión 1.x anterior a 1.0.7 build 91707 y versión 2.x anterior a 2.0.4 build 93057, y VMware Server anterior a 1.0.6 build 91891 en Linux, y VMware ESXi versión 3.5 y VMware ESX versión 2.5.4 hasta 3.5, permite a los usuarios locales obtener privilegios por medio de una opción de path library en un archivo de configuración. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713 http://secunia.com/advisories/30556 http://security.gentoo.org/glsa/glsa-201209-25.xml http://securityreason.com/securityalert/3922 http://securitytracker.com/id?1020198 http://www.securityfocus.com/archive/1/493080/100/0/threaded http://www.securityfocus.com/bid/29557 http://www.vmware.com/security/advisories/VMSA-2008-0009.html http://www.vupen.com/english/advisories/2008/1744 https://exchange.xforce.ibmcloud. •