1050 matches found
CVE-2016-7459
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML...
CVE-2016-7460
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity...
CVE-2016-7460
CVE-2016-7460 refers to an XML External Entity (XXE) vulnerability in the Single Sign-On feature of VMware products. Affects vCenter Server 5.5 before U3e and 6.0 before U2a, and vRealize Automation 6.x before 6.2.5. A specially crafted XML document containing an external entity declaration and a...
CVE-2016-7459
Summary of CVE-2016-7459 and related XXE family (VMware VMSA-2016-0022): VMware vCenter Server versions 5.5 prior to U3e and 6.0 prior to U2a are affected by XML External Entity (XXE) vulnerabilities in the Log Browser, Distributed Switch setup, and Content Library. The root cause is incorrectly...
VMware vSphere Client XXE Injection Information Disclosure (VMSA-2016-0022)
The version of vSphere Client installed on the remote Windows host is affected by an information disclosure vulnerability due to an incorrectly configured XML parser accepting XML external entities (XXE) from an untrusted source. An unauthenticated, remote attacker can exploit this issue to disclos...
VMware vCenter Server 5.5.x < 5.5u3e / 6.0.x < 6.0u2a Multiple XXE Vulnerabilities (VMSA-2016-0022)
The version of VMware vCenter Server installed on the remote host is 5.5.x prior to 5.5u3e or 6.0.x prior to 6.0u2a. It is, therefore, affected by multiple XML external entity (XXE) vulnerabilities: - Multiple XML external entity (XXE) vulnerabilities exist in the Log Browser, the Distributed Switch...
XML External Entity Injection Vulnerability in Multiple VMware Products
VMware vCenter Server is a suite of server and virtualization management software from VMware, Inc. VMware vRealize Automation is a suite of cloud automation software from VMware, Inc. An XML external entity injection vulnerability exists in multiple VMware products and can be exploited by an...
VMware vCenter Server XML External Entity Information Disclosure Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. An XML external entity information disclosur...
VMware vCenter Server XML External Entity (XXE) Vulnerability (VMSA-2016-0022)
VMware vCenter Server contains an XML external entity (XXE) vulnerability in the Log Browser, the Distributed Switch setup, and the Content Library. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...
VMSA-2016-0022: VMware product updates address information disclosure vulnerabilities
VMware Security Advisory. Advisory ID: VMSA-2016-0022. Severity: Important. Synopsis: VMware product updates address information disclosure...
VMware vCenter Server Detection
Binary data 9596.prm...
VMware vCenter Server Detection via TLS
Binary data 9597.prm...
VMware vCenter Server 6.0.x < 6.0u2 Unspecified HTTP Header Injection (VMSA-2016-0010)
The version of VMware vCenter Server installed on the remote host is 6.0.x prior to 6.0u2. It is, therefore, affected by an HTTP header injection vulnerability due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP...
VMware vCenter Server/ESXi CRLF Injection Vulnerability
VMware vCenter Server enables rapid deployment of virtual machines and monitors the performance of physical servers and virtual machines. A CRLF injection vulnerability exists in VMware vCenter Server U2 prior to version 6.0 and ESXi 6.0, which can be exploited by remote attackers to inject...
CVE-2016-5331
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CRLF injection
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2016-5331
CVE-2016-5331 describes a CRLF/HTTP header injection vulnerability in VMware vCenter Server 6.0 (before U2) and ESXi 6.0. The underlying issue is CRLF injection that allows remote attackers to manipulate HTTP headers and perform HTTP response splitting via unspecified vectors. Impact is stated as...