• Sign in

CVE-2009-4849

    CVE-2009-4849  
Description Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity.
Impact
  CVSS v2 : 6.8 MEDIUM  
Type
  CWE-352  
Attack Vector
CVSSv2 Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P
Quick linksCVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References
http://secunia.com/advisories/37359
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
http://www.securityfocus.com/archive/1/507729/100/0/threaded
  • FAQ
  • Terms of service
  • Privacy policy