32 matches found
CVE-2009-4842
Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the (4) firstName, (5) lastName, or (6) email...
EUVD-2009-4806
Malware in sbrugna...
EUVD-2009-4805
Malware in sbrugna...
EUVD-2009-4807
Malware in sbrugna...
EUVD-2009-4812
Malware in sbrugna...
ToutVirtual VirtualIQ Pro 3.2 - Multiple Vulnerabilities
No description provided by source. Secure Network - Security Research Advisory Vuln name: ToutVirtual VirtualIQ Pro Multiple Vulnerabilities Systems affected: ToutVirtual VirtualIQ Professional 3.2 build 7882 Systems not affected: -- Severity: High Local/Remote: Remote Vendor URL:...
CVE-2009-4849
Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a...
CVE-2009-4848
Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to...
Cross site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to...
CVE-2009-4843
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console...
CVE-2009-4845
The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields...
CVE-2009-4844
ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request...
Authentication flaw
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console...
Design/Logic Flaw
ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the (4) firstName, (5) lastName, or (6) email...
Default credentials
The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields...
CVE-2009-4849
Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a...
CVE-2009-4849
ToutVirtual VirtualIQ Pro is affected by multiple CSRF vulnerabilities in versions 3.2 (build 7882) and 3.5 (build 8691). The flaws allow remote attackers to hijack administrator sessions and perform sensitive actions via requests to tvserver/user/user.do, including creating a new user account, s...
CVE-2009-4848
ToutVirtual VirtualIQ Pro 3.2 (build 7882) and 3.5 (build 8691) contain multiple cross-site scripting (XSS) vulnerabilities. The flaws allow remote attackers to inject arbitrary web script or HTML via the following parameters: (1) userId in tvserver/server/user/setPermissions.jsp, (2) deptName in...