|
268771
|
5.4 |
MEDIUM
Network
|
vmware
|
esxi
|
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted …
|
CWE-79
Cross-site Scripting
|
CVE-2016-7463
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268772
|
8.5 |
HIGH
Network
|
vmware
|
vrealize_operations
|
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a rel…
|
CWE-264
CWE-749
Permissions, Privileges, and Access Controls
Exposed Dangerous Method or Function
|
CVE-2016-7462
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268773
|
8.8 |
HIGH
Local
|
vmware
|
fusion
fusion_pro
workstation_player
workstation_pro
|
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS us…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-7461
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268774
|
9.1 |
CRITICAL
Network
|
vmware
|
vrealize_automation
|
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of ser…
|
CWE-611
XXE
|
CVE-2016-7460
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268775
|
7.7 |
HIGH
Network
|
vmware
|
vcenter_server
|
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML docum…
|
CWE-611
XXE
|
CVE-2016-7459
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268776
|
5.8 |
MEDIUM
Network
|
vmware
|
vsphere_client
|
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjun…
|
CWE-611
XXE
|
CVE-2016-7458
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268777
|
10.0 |
CRITICAL
Network
|
vmware
|
vrealize_operations
|
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7457
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268778
|
9.8 |
CRITICAL
Network
|
vmware
|
vsphere_data_protection
|
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
|
CWE-255
Credentials Management
|
CVE-2016-7456
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268779
|
6.5 |
MEDIUM
Network
|
kde
|
kmail
|
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
|
CWE-94
Code Injection
|
CVE-2016-7968
|
2024-11-21 11:58 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268780
|
8.1 |
HIGH
Network
|
kde
|
kmail
|
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URL…
|
CWE-94
CWE-284
Code Injection
Improper Access Control
|
CVE-2016-7967
|
2024-11-21 11:58 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
