23 matches found
CVE-2009-4842
Multiple cross-site scripting XSS vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the 1 addNewDept, 2 deptId, or 3 deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the 4 firstName, 5 lastName, or 6 email...
EUVD-2009-4806
Malware in sbrugna...
EUVD-2009-4807
Malware in sbrugna...
EUVD-2009-4812
Malware in sbrugna...
EUVD-2009-4805
Malware in sbrugna...
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
No description provided by source. &redirectSecure Network - Security Research Advisory Vuln name: ToutVirtual VirtualIQ Pro Multiple Vulnerabilities Systems affected: ToutVirtual VirtualIQ Professional 3.2 build 7882 Systems not affected: -- Severity: High Local/Remote: Remote Vendor URL:...
CVE-2009-4849
Multiple cross-site request forgery CSRF vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that 1 create a new user account via a save action to tvserver/user/user.do, 2 shutdown a...
CVE-2009-4848
Multiple cross-site scripting XSS vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the 1 userId parameter to tvserver/server/user/setPermissions.jsp, 2 deptName parameter to...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that 1 create a new user account via a save action to tvserver/user/user.do, 2 shutdown a...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the 1 userId parameter to tvserver/server/user/setPermissions.jsp, 2 deptName parameter to...
CVE-2009-4844
ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request...
CVE-2009-4843
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to 1 the JMX Management Console or 2 the Web Console...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the 1 addNewDept, 2 deptId, or 3 deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the 4 firstName, 5 lastName, or 6 email...
Authentication flaw
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to 1 the JMX Management Console or 2 the Web Console...
CVE-2009-4849
Multiple cross-site request forgery CSRF vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that 1 create a new user account via a save action to tvserver/user/user.do, 2 shutdown a...
CVE-2009-4849
ToutVirtual VirtualIQ Pro is affected by multiple CSRF vulnerabilities in versions 3.2 (build 7882) and 3.5 (build 8691). The flaws allow remote attackers to hijack administrator sessions and perform sensitive actions via requests to tvserver/user/user.do, including creating a new user account, s...
CVE-2009-4845
The CVE-2009-4845 entry concerns ToutVirtual VirtualIQ Pro 3.2 build 7882, where the configuration page stores SSH credentials in cleartext. The root cause is exposure of usernames and passwords via the configuration UI, enabling remote attackers to obtain sensitive information without exploiting...
CVE-2009-4843
CVE-2009-4843 affects ToutVirtual VirtualIQ Pro prior to 3.5 build 8691. The issue is that the JBoss consoles (JMX Management Console and Web Console) do not require administrative authentication, enabling remote attackers to execute arbitrary commands through targeted requests. The vulnerability...
CVE-2009-4843
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to 1 the JMX Management Console or 2 the Web Console...
CVE-2009-4842
ToutVirtual VirtualIQ Pro 3.5 build 8691 has multiple XSS vulnerabilities. Remote attackers can inject arbitrary script/HTML via parameters (addNewDept, deptId, deptDesc) to tvserver/server/user/addDepartment.jsp and (firstName, lastName, email) in a save action to tvserver/user/user.do. The issu...