RSS   Vulnerabilities for 'Virtuozzo containers'   RSS

2009-03-16
 
CVE-2008-6478

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.

 

 >>> Vendor: Parallels 11 Products
H-sphere
Plesk
Confixx
Parallels desktop
Virtuozzo containers
Parallels virtuozzo
Parallels plesk panel
Parallels plesk small business panel
Parallels small business panel
Remote application server
Parallels


Copyright 2024, cxsecurity.com

 

Back to Top