6 matches found
CVE-2009-4844
The CVE-2009-4844 entry concerns ToutVirtual VirtualIQ Pro 3.2 build 7882. The vulnerability arises because access to the /status URI on port 9080 is not restricted, enabling remote attackers to obtain sensitive Tomcat information via a direct request. This constitutes an exposure in the manageme...
CVE-2009-4842
ToutVirtual VirtualIQ Pro 3.5 build 8691 has multiple XSS vulnerabilities. Remote attackers can inject arbitrary script/HTML via parameters (addNewDept, deptId, deptDesc) to tvserver/server/user/addDepartment.jsp and (firstName, lastName, email) in a save action to tvserver/user/user.do. The issu...
CVE-2009-4843
CVE-2009-4843 affects ToutVirtual VirtualIQ Pro prior to 3.5 build 8691. The issue is that the JBoss consoles (JMX Management Console and Web Console) do not require administrative authentication, enabling remote attackers to execute arbitrary commands through targeted requests. The vulnerability...
CVE-2009-4849
ToutVirtual VirtualIQ Pro is affected by multiple CSRF vulnerabilities in versions 3.2 (build 7882) and 3.5 (build 8691). The flaws allow remote attackers to hijack administrator sessions and perform sensitive actions via requests to tvserver/user/user.do, including creating a new user account, s...
CVE-2009-4848
ToutVirtual VirtualIQ Pro 3.2 (build 7882) and 3.5 (build 8691) contain multiple cross-site scripting (XSS) vulnerabilities. The flaws allow remote attackers to inject arbitrary web script or HTML via the following parameters: (1) userId in tvserver/server/user/setPermissions.jsp, (2) deptName in...
CVE-2009-4845
The CVE-2009-4845 entry concerns ToutVirtual VirtualIQ Pro 3.2 build 7882, where the configuration page stores SSH credentials in cleartext. The root cause is exposure of usernames and passwords via the configuration UI, enabling remote attackers to obtain sensitive information without exploiting...