5 matches found
CVE-2021-22015
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance...
Metasploit Weekly Wrap-UP
GLPI htmLawed PHP Command Injection Our very own bwatters-r7 wrote a module for an unauthenticated PHP command injection vulnerability that exists in various versions of GLPI. The vulnerability is due to a third-party vendor test script being present in default installations. A POST request to...
The vulnerability in the VMI web interface of vCenter Server Appliance, a management tool for VMware vCenter Server virtual infrastructure, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the VCenter Server Management Interface of the VMware vCenter Server web interface relates to deficiencies in path name checking for access to restricted directories. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by...
CVE-2021-22015
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance...
CVE-2017-4943
VMware vCenter Server Appliance vCSA 6.5 before 6.5 U1d contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS...