2 matches found
CVE-2009-3759
Multiple cross-site request forgery CSRF vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for 1 requests that change the password via the username parameter to config/changepw.php or 2 stop a...
CVE-2009-3759
CVE-2009-3759 concerns multiple CSRF vulnerabilities in the XenServer Resource Kit sample code used by Citrix XenCenterWeb. The issues allow remote attackers to hijack administrator authentication to trigger (1) password changes via config/changepw.php and (2) VM stopping via hardstopvm.php (stop...