CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2013-6366 – VMware Hyperic HQ Groovy Script-Console - Java Execution
https://notcve.org/view.php?id=CVE-2013-6366
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. La consola de script en VMware Hyperic HQ 4.6.6 permite a los administradores remotos autenticados ejecutar código arbitrario a través de una llamada a Runtime.getRuntime ().exe • https://www.exploit-db.com/exploits/28962 http://www.exploit-db.com/exploits/28962 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2899
https://notcve.org/view.php?id=CVE-2009-2899
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments. El script en perl monitor en el plugin de base de datos Sybase en SpringSource Hyperic HQ anterior a v4.3 permite a usuarios locales obtener la contraseña de la base de datos mediante el listado de procesos y sus argumentos • http://communities.vmware.com/thread/348773 http://support.springsource.com/security/CVE-2009-2899 https://jira.hyperic.com/browse/HHQ-1031 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •