cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2011-0426,https://securityvulnerability.io/vulnerability/CVE-2011-0426,,"Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.",Vmware,"Vcenter,Virtualcenter",,,0.002850000048056245,false,false,false,false,,false,false,2011-05-09T22:55:00.000Z,0
CVE-2010-1137,https://securityvulnerability.io/vulnerability/CVE-2010-1137,,"Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.",Vmware,Virtualcenter,,,0.00279000005684793,false,false,false,false,,false,false,2010-04-01T19:00:00.000Z,0
CVE-2009-2277,https://securityvulnerability.io/vulnerability/CVE-2009-2277,,"Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to ""context data.""",Vmware,"Esx Server,Virtualcenter",,,0.001990000018849969,false,false,false,false,,false,false,2010-04-01T19:00:00.000Z,0
CVE-2010-0686,https://securityvulnerability.io/vulnerability/CVE-2010-0686,,"WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a ""URL forwarding vulnerability.""",Vmware,Virtualcenter,,,0.008009999990463257,false,false,false,false,,false,false,2010-04-01T19:00:00.000Z,0
CVE-2009-0518,https://securityvulnerability.io/vulnerability/CVE-2009-0518,,"VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.",Vmware,"Vmware Esx,Vmware Virtualcenter,Vmware Esxi",,,0.0004199999966658652,false,false,false,false,,false,false,2009-04-06T15:00:00.000Z,0
CVE-2008-4278,https://securityvulnerability.io/vulnerability/CVE-2008-4278,,"VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.",Vmware,Virtualcenter,,,0.000590000010561198,false,false,false,false,,false,false,2008-10-06T18:00:00.000Z,0
CVE-2008-3514,https://securityvulnerability.io/vulnerability/CVE-2008-3514,,"VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side ""enabled/disabled functionality"" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an ""attempt to assign permissions to other system users.""",Vmware,Virtualcenter,,,0.00786999985575676,false,false,false,false,,false,false,2008-08-13T10:00:00.000Z,0
CVE-2006-5990,https://securityvulnerability.io/vulnerability/CVE-2006-5990,,"VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.",Vmware,Virtualcenter,,,0.0016799999866634607,false,false,false,false,,false,false,2006-11-21T01:00:00.000Z,0