16 matches found
EUVD-2012-1531
Malware in sbrugna...
VMware vCenter / vRealize Orchestrator 8.x < 8.11.1 XXE (VMSA-2023-0005)
The version of VMware vCenter / vRealize Orchestrator installed on the remote host is 8.x 8.11.1. It is, therefore, affected by an XML external entity vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XM...
CVE-2015-6934
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager vADM 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the...
Immunity Canvas: VREALIZE_VCOFACTORY_DESERIALIZE
Name| vrealizevcofactorydeserialize ---|--- CVE| CVE-2015-6934 Exploit Pack| CANVAS Description| vrealizevcofactorydeserialize Notes| CVE Name: CVE-2015-6934 VENDOR: VMWare NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WOR...
CVE-2015-6934
This CVE (CVE-2015-6934) concerns insecure deserialization in VMware software: VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager 7.x. The root cause is unsafe/deserialization of crafted Java objec...
VMware vCenter Orchestrator Installed
Binary data vmwarevcenterorchestratorinstalled.nbin...
VMware vCenter Orchestrator 5.5.x < 5.5.2 DoS (VMSA-2014-0007)
The version of VMware vCenter Orchestrator installed on the remote host is 5.5.x prior to 5.5.2. It is, therefore, affected by a denial of service vulnerability due to an error that exists in the included Apache Tomcat version related to handling 'Content-Type' HTTP headers and multipart requests...
VMware vCenter Orchestrator Appliance 5.5.x < 5.5.2 DoS (VMSA-2014-0007)
The version of VMware vCenter Orchestrator Appliance installed on the remote host is 5.5.x prior to 5.5.2. It is, therefore, affected by a denial of service vulnerability due to an error that exists in the included Apache Tomcat version related to handling 'Content-Type' HTTP headers and multipar...
VMware product updates address security vulnerabilities in Apache Struts library
The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2014-0050, CVE-2014-0094, and CVE-2014-0112 to these issues.CVE-2014-0112 may lead to remote code execution. This...
VMSA-2014-0007:VMware product updates address security vulnerabilities in Apache Struts library
VMSA-2014-0007.2 VMware product updates address security vulnerabilities in Apache Struts library VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0007.2 VMware Security Advisory Synopsis: VMware product updates address security vulnerabilities in Apache Struts library...
CVE-2012-1513
The Web Configuration tool in VMware vCenter Orchestrator vCO 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document...
Hardcoded credentials
The Web Configuration tool in VMware vCenter Orchestrator vCO 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document...
CVE-2012-1513
CVE-2012-1513 refers to a vulnerability in the VMware vCenter Orchestrator (vCO) Web Configuration tool where the vCenter Server password is reflected back in an HTML page. This leads to potential information disclosure for remote authenticated administrators who read the page. Affected products/...
VMware vCenter Orchestrator和Alive Enterprise远程代码执行漏洞
CVE ID: CVE-2010-1870 VMware vCenter Orchestrator是自动管理任务的应用程序。Alive Enterprise是监管进程的应用程序。 VMware vCenter Orchestrator和Alive Enterprise在实现上存在远程代码执行漏洞,两个产品中都嵌入了第三方组件Apache Struts,此组件中的远程代码执行漏洞可允许恶意用户绕过ParametersInterceptor内的''-usage保护,使服务器端context对象受控。 VMWare VMware vCenter Orchestrator 4.1 VMWare...
VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability
a. Vulnerability in third party Apache Struts componentVMware vCenter Orchestrator is an application to automate management tasks. Alive Enterprise is an application to monitor processes. Both products embed Apache Struts which is a third party component.The following vulnerability has been...
VMSA-2011-0005:VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability
VMSA-2011-0005.3 VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0005.3 VMware Security Advisory Synopsis: VMware vCenter Orchestrator and Alive Enterprise remote code execution...