58 matches found
CVE-2008-3697
CVE-2008-3697 concerns a remote DoS in VMware Server via an ISAPI extension. The issue is triggered by sending a malformed request to an ISAPI extension (iisperl.dll), which can cause the IIS service to terminate. VMware documents that the vulnerable extension is part of VMware Server prior to 1....
CVE-2007-5618
CVE-2007-5618 refers to an unquoted Windows search path vulnerability in VMware products (Workstation, Player, Server, ACE) prior to specified fixed versions. The issue allows local users to gain privileges by exploiting improperly quoted paths in Authorization and other services. Affected ranges...
CVE-2010-1138
CVE-2010-1138 corresponds to an information-disclosure vulnerability in VMware hosted products where a guest can cause the host vmware-vmx memory to be exposed via the virtual networking stack when processing network packets. Affected products include VMware Workstation/Player/ACE/Server/Fusion a...
CVE-2006-3589
The CVE-2006-3589 issue affects VMware products on Linux: VMware Player/Workstation/Server for Linux, VMware ESX Server 2.x, and VMware Infrastructure 3. vmware-config.pl does not check the return code of Perl chmod, and lacks using safe_chmod, which can leave SSL key files with an unsafe umask a...
CVE-2009-1146
Affected software: VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745. Vulnerability: An unspecified DoS issue exists in the ioctl handling of hcmon.sys, enablin...
CVE-2010-1193
CVE-2010-1193 is a Cross-site Scripting (XSS) vulnerability in VMware WebAccess for VMware Server 2.0. The issue arises from improper handling of JSON error messages, enabling an attacker to inject arbitrary script/HTML when a user is enticed to click a crafted link. The vulnerability is part of ...
CVE-2008-3695
CVE-2008-3695 is grouped with other VMware ActiveX control issues (CVE-2008-3691 to CVE-2008-3696). The connected documents describe an unspecified vulnerability in VMware ActiveX controls across multiple products (Workstation, Player, ACE, Server) with unknown impact and remote attack vectors; n...
CVE-2007-5619
CVE-2007-5619 describes an unspecified vulnerability in VMware Server before 1.0.4 that causes user passwords to be recorded in cleartext in server logs , potentially allowing a local attacker to gain privileges. The NVD assesses a high impact (CVSS v2: base score 7.2; LOCAL access, low attack co...