Show filters
8 Total Results
Displaying 1-8 of 8
Sort by:
Attacker Value
Unknown

CVE-2013-1405

Disclosure Date: February 15, 2013 (last updated October 05, 2023)
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
0
Attacker Value
Unknown

CVE-2011-0426

Disclosure Date: May 09, 2011 (last updated October 04, 2023)
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.
0
Attacker Value
Unknown

CVE-2010-1137

Disclosure Date: April 01, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.
0
Attacker Value
Unknown

CVE-2010-0686

Disclosure Date: April 01, 2010 (last updated October 04, 2023)
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."
0
Attacker Value
Unknown

CVE-2009-2277

Disclosure Date: April 01, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
0
Attacker Value
Unknown

CVE-2009-1072

Disclosure Date: March 25, 2009 (last updated October 04, 2023)
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
0
Attacker Value
Unknown

CVE-2008-4278

Disclosure Date: October 06, 2008 (last updated October 04, 2023)
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
0
Attacker Value
Unknown

CVE-2008-3514

Disclosure Date: August 13, 2008 (last updated October 04, 2023)
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."
0