Xen Guest Detection

According to the MAC address of its network adapter, the remote host is a Xen virtual machine. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid35081; scriptversion "1.11"; scriptcvsdate"Date: 2020/01/22"; scriptnameenglish:"Xen Guest Detection";...

CVE-2008-5104

Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by 1 python-vm-builder or 2 ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! exclamation point as the default root password, which allows attackers to bypass intended login restrictions...

Default credentials

Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by 1 python-vm-builder or 2 ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! exclamation point as the default root password, which allows attackers to bypass intended login restrictions...

CVE-2008-5104

CVE-2008-5104 describes a default root password vulnerability in VMBuilder-based workflows on Ubuntu 6.06 LTS/7.10/8.04 LTS/8.10 when VM images are created with VMBuilder 0.9 in Ubuntu 8.10 (via python-vm-builder or ubuntu-vm-builder). The root password is set to !, allowing an attacker with acce...

Java Web Start Buffer overflow vulnerabilities (6557220)

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by a an application that grants itself...

JDK untrusted applet/application privilege escalation (6661918)

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as...

CVE-2008-3107

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as...

Design/Logic Flaw

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as...

Flash Player vulnerabilities of the new use of the method-vulnerability warning-the black bar safety net

Source: Phantom maillist Two days before the recommended Mark Dowd's Paper “Exploiting Flash Reliably” Learn a little, very good very powerful. For later Flash Player exploits has opened up a new new road. Simple to say, from Flash9 to start, to achieve an ActionScript Virtual Machine AVM, the...

CVE-2008-1340

Virtual Machine Communication Interface VMCI in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service host OS crash via crafted VMCI calls that trigger "memory exhaustion and memory corruption."...

Memory corruption

Virtual Machine Communication Interface VMCI in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service host OS crash via crafted VMCI calls that trigger "memory exhaustion and memory corruption."...

CVE-2008-1185

Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment JRE and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186,...

Design/Logic Flaw

Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment JRE and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.216 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue....

Design/Logic Flaw

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine...

CVE-2008-0928

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine...

CVE-2008-0928

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine...

DEBIAN-CVE-2008-0928

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine...

CVE-2008-0928

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine...

CVE-2008-0928

CVE-2008-0928 affects Qemu 0.9.1 and earlier, where missing range checks on block device read/write allow guest-host users with root privileges to access arbitrary memory and potentially escape the VM. The connected Nessus/OpenVAS advisories corroborate that CVE-2008-0928 is discussed alongside o...

Fedora 7 : kvm-36-8.fc7 (2008-1973)

Ian Jackson discovered that accesses beyond end of qemu emulated disk devices can result in accesses to emulator's virtual memory space accesses and thus can allow user with sufficient privilege in guest root, as this would need modification to kernel's driver to break out of VM...