EUVD-2008-6449

Malware in sbrugna...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft build 3.0.0-25.4.swsoft allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd...

CVE-2008-6479

Cross-site request forgery CSRF vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft build 3.0.0-25.4.swsoft allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft build 4.0.0-365.6.swsoft and 25.4.swsoft build 3.0.0-25.4.swsoft allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag...

CVE-2008-6479

The CVE-2008-6479 entry describes a CSRF vulnerability affecting Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) in the VZPP web interface. The flaw allows remote attackers to modify the password via a crafted link or IMG tag to vz/cp/pwd. The vulnerability is tied to the web interface’...

CVE-2008-6479

Cross-site request forgery CSRF vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft build 3.0.0-25.4.swsoft allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd...

CVE-2008-6478

CVE-2008-6478 describes a CSRF vulnerability in the file manager of the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft). The flaw allows remote attackers to perform administrator-level actions by enticing a user to load ...

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/28593/info Parallels Virtuozzo Containers is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will...

Parallels virtuozzo's VZPP multiple csrf vulnerabilities

hello, Parallels www.parallels.com has developed a server virtualization system called Virtuozzo. It comes with a web interface, called VZPP, very similar to parallel's Plesk that allows system admins to manage their virtual servers. Unfortunatly this nice web interface is affected by multiple cs...

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/28593/info Parallels Virtuozzo Containers is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacker to...