vmware software vulnerabilities
vulnerabilities.aspcode.net
Searching vmware software vulnerabilities
VMware Workstation 4.0 for Linux allows local u
manipulation"
|
Workstation
|
privileges
|
overwrite
|
arbitrary
|
"symlink
|
allows
|
VMware
|
Linux
|
users
|
local
|
files
|
gain
|
via
|
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."
VMware GSX Server 2.5.1 build 4968 and earlier,
Server
|
VMware
|
GSX
|
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.
VMware Workstation 4.0.1 for Linux, build 5289
Workstation
|
VMware
|
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.
VMware before 4.5.2.8848-r5 searches for gdk-pi
world-writable
|
gdk-pixbuf
|
4528848-r5
|
arbitrary
|
libraries
|
temporary
|
directory
|
includes
|
rrdharan
|
searches
|
execute
|
before
|
allows
|
shared
|
VMware
|
users
|
local
|
using
|
which
|
code
|
path
|
VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.
Unquoted Windows search path vulnerability in V
vulnerability
|
Workstation
|
Unquoted
|
Windows
|
VMWare
|
search
|
path
|
Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.
The dhcp.client program for QNX 4.25 vmware is
dhcpclient
|
program
|
QNX
|
The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks.
The configuration of VMware ESX Server 2.x, 2.0
configuration
|
service
|
denial
|
allows
|
VMware
|
Server
|
local
|
cause
|
users
|
20x
|
ESX
|
25x
|
21x
|
The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console.
VMware Server before RC1 does not clear user cr
credentials
|
privileges
|
connection
|
attackers
|
console
|
memory
|
VMware
|
Server
|
before
|
which
|
local
|
allow
|
might
|
clear
|
after
|
gain
|
does
|
user
|
made
|
RC1
|
not
|
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
vmware-config.pl in VMware for Linux, ESX Serve
vmware-configpl
|
Infrastructure
|
function
|
created
|
return
|
unsafe
|
allows
|
Server
|
modify
|
VMware
|
might
|
which
|
cause
|
users
|
Linux
|
chmod
|
local
|
umask
|
check
|
read
|
file
|
Perl
|
code
|
does
|
call
|
key
|
ESX
|
SSL
|
not
|
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
Buffer overflow in an ActiveX control in VMWare
overflow
|
control
|
ActiveX
|
VMWare
|
Buffer
|
Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function.
VMware Workstation 5.5.3 build 34685 does not p
Workstation
|
VMware
|
VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is simplified via (1) weak file permisssions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe.
The memory management in VMware Workstation bef
Workstation
|
management
|
before
|
memory
|
VMware
|
The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).
Double free vulnerability in VMware ESX Server
vulnerability
|
VMware
|
Server
|
Double
|
free
|
ESX
|
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
Buffer overflow in VMware ESX Server 3.0.0 and
overflow
|
Server
|
VMware
|
Buffer
|
ESX
|
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
Directory traversal vulnerability in the Shared
vulnerability
|
Workstation
|
Directory
|
traversal
|
feature
|
Folders
|
before
|
Shared
|
VMware
|
Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.
VMware Workstation before 5.5.4, when running a
Workstation
|
before
|
VMware
|
VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction."
VMware Workstation before 5.5.4 allows attacker
Workstation
|
before
|
VMware
|
VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.
The PIIX4 power management subsystem in EMC VMw
Workstation
|
management
|
subsystem
|
VMware
|
PIIX4
|
power
|
EMC
|
The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.
Absolute path traversal vulnerability in a cert
vulnerability
|
traversal
|
vielibdll
|
Absolute
|
control
|
ActiveX
|
certain
|
path
|
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method.
Absolute path traversal vulnerability in a cert
IntraProcessLoggingdll
|
vulnerability
|
traversal
|
Absolute
|
control
|
ActiveX
|
certain
|
path
|
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.
Software vulnerabilities results 1 to 20 of 44
Page:
1
2
3
►