Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2012-1531

Malware in sbrugna...

4CVSS6.1AI score0.01209EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/02/24 12:0 a.m.35 views

VMware vCenter / vRealize Orchestrator 8.x < 8.11.1 XXE (VMSA-2023-0005)

The version of VMware vCenter / vRealize Orchestrator installed on the remote host is 8.x 8.11.1. It is, therefore, affected by an XML external entity vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XM...

8.8CVSS8.4AI score0.01265EPSS
Exploits0References2
NVD
NVD
added 2015/12/21 3:59 a.m.26 views

CVE-2015-6934

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager vADM 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the...

7.5CVSS7.5AI score0.05049EPSS
Exploits1References2
canvas
canvas
added 2015/12/21 3:59 a.m.547 views

Immunity Canvas: VREALIZE_VCOFACTORY_DESERIALIZE

Name| vrealizevcofactorydeserialize ---|--- CVE| CVE-2015-6934 Exploit Pack| CANVAS Description| vrealizevcofactorydeserialize Notes| CVE Name: CVE-2015-6934 VENDOR: VMWare NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WOR...

7.5CVSS7.3AI score0.05049EPSS
Exploits1
CVE
CVE
added 2015/12/21 2:0 a.m.101 views

CVE-2015-6934

This CVE (CVE-2015-6934) concerns insecure deserialization in VMware software: VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager 7.x. The root cause is unsafe/deserialization of crafted Java objec...

7.5CVSS7.4AI score0.05049EPSS
Exploits1References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2014/10/24 12:0 a.m.7 views

VMware vCenter Orchestrator Installed

Binary data vmwarevcenterorchestratorinstalled.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/10/24 12:0 a.m.42 views

VMware vCenter Orchestrator 5.5.x < 5.5.2 DoS (VMSA-2014-0007)

The version of VMware vCenter Orchestrator installed on the remote host is 5.5.x prior to 5.5.2. It is, therefore, affected by a denial of service vulnerability due to an error that exists in the included Apache Tomcat version related to handling 'Content-Type' HTTP headers and multipart requests...

7.5CVSS7.2AI score0.83175EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2014/10/24 12:0 a.m.46 views

VMware vCenter Orchestrator Appliance 5.5.x < 5.5.2 DoS (VMSA-2014-0007)

The version of VMware vCenter Orchestrator Appliance installed on the remote host is 5.5.x prior to 5.5.2. It is, therefore, affected by a denial of service vulnerability due to an error that exists in the included Apache Tomcat version related to handling 'Content-Type' HTTP headers and multipar...

7.5CVSS7.2AI score0.83175EPSS
Exploits8References2
VMware
VMware
added 2014/06/24 12:0 a.m.61 views

VMware product updates address security vulnerabilities in Apache Struts library

The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2014-0050, CVE-2014-0094, and CVE-2014-0112 to these issues.CVE-2014-0112 may lead to remote code execution. This...

7.5CVSS8.6AI score0.99614EPSS
Exploits15References3Affected Software2
VMware
VMware
added 2014/06/22 12:0 a.m.85 views

VMSA-2014-0007:VMware product updates address security vulnerabilities in Apache Struts library

VMSA-2014-0007.2 VMware product updates address security vulnerabilities in Apache Struts library VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0007.2 VMware Security Advisory Synopsis: VMware product updates address security vulnerabilities in Apache Struts library...

7.5CVSS8.6AI score0.99614EPSS
Exploits15References5Affected Software2
NVD
NVD
added 2012/03/16 8:55 p.m.11 views

CVE-2012-1513

The Web Configuration tool in VMware vCenter Orchestrator vCO 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document...

4CVSS5.8AI score0.01209EPSS
Exploits0References6
Prion
Prion
added 2012/03/16 8:55 p.m.13 views

Hardcoded credentials

The Web Configuration tool in VMware vCenter Orchestrator vCO 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document...

4CVSS6.2AI score0.01209EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2012/03/16 8:0 p.m.53 views

CVE-2012-1513

CVE-2012-1513 refers to a vulnerability in the VMware vCenter Orchestrator (vCO) Web Configuration tool where the vCenter Server password is reflected back in an HTML page. This leads to potential information disclosure for remote authenticated administrators who read the page. Affected products/...

4CVSS5.8AI score0.01209EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2011/05/10 12:0 a.m.46 views

VMware vCenter Orchestrator和Alive Enterprise远程代码执行漏洞

CVE ID: CVE-2010-1870 VMware vCenter Orchestrator是自动管理任务的应用程序。Alive Enterprise是监管进程的应用程序。 VMware vCenter Orchestrator和Alive Enterprise在实现上存在远程代码执行漏洞,两个产品中都嵌入了第三方组件Apache Struts,此组件中的远程代码执行漏洞可允许恶意用户绕过ParametersInterceptor内的''-usage保护,使服务器端context对象受控。 VMWare VMware vCenter Orchestrator 4.1 VMWare...

5CVSS9.4AI score0.91079EPSS
Exploits22
VMware
VMware
added 2011/03/14 12:0 a.m.56 views

VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

a. Vulnerability in third party Apache Struts componentVMware vCenter Orchestrator is an application to automate management tasks. Alive Enterprise is an application to monitor processes. Both products embed Apache Struts which is a third party component.The following vulnerability has been...

5CVSS4AI score0.91079EPSS
Exploits22References1Affected Software2
VMware
VMware
added 2011/03/12 12:0 a.m.54 views

VMSA-2011-0005:VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

VMSA-2011-0005.3 VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0005.3 VMware Security Advisory Synopsis: VMware vCenter Orchestrator and Alive Enterprise remote code execution...

5CVSS10AI score0.91079EPSS
Exploits22References2Affected Software2
Rows per page
Query Builder