VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
Max CVSS
5.0
EPSS Score
1.33%
Published
2006-07-31
Updated
2018-10-30
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
Max CVSS
3.6
EPSS Score
0.05%
Published
2006-07-21
Updated
2018-10-30
2 vulnerabilities found