VMware has acknowledged a weakness and a vulnerability in VMware ESX Server, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).
1) An error in libpng can be exploited by malicious people to cause a DoS.
For more information:
2) The VMware Consolidated Backup(VCB) command-line utilities use the password as command line argument when invoking other programs. This can be exploited to disclose the password via e.g. the "ps" command.
Successful exploitation requires access to the service console.
This vulnerability does not affect VMware ESXi 3.5.