CVE

Id
36595  
CVE No.
CVE-2008-6478  
Status
Candidate  
Description
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.  
Phase
Assigned (20090316)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
399307 36595 CVE-2008-6478 BUGTRAQ:20080402 Parallels virtuozzo"s VZPP multiple csrf vulnerabilities  View
399308 36595 CVE-2008-6478 URL:http://www.securityfocus.com/archive/1/archive/1/490409/100/0/threaded  View
399309 36595 CVE-2008-6478 MISC:http://px.dynalias.org/files/virtuozzo_overwrite.html.txt  View
399310 36595 CVE-2008-6478 BID:28589  View
399311 36595 CVE-2008-6478 URL:http://www.securityfocus.com/bid/28589  View
399312 36595 CVE-2008-6478 OSVDB:44395  View
399313 36595 CVE-2008-6478 URL:http://osvdb.org/44395  View
399314 36595 CVE-2008-6478 SECUNIA:29675  View
399315 36595 CVE-2008-6478 URL:http://secunia.com/advisories/29675  View
399316 36595 CVE-2008-6478 XF:virtuozzo-file-manager-csrf(41640)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
43207 JVNDB-2009-004214 Joomla! 用の treeg コンポーネントにおける PHP リモートファイルインクルージョンの脆弱性 Joomla! 用の Flash Tree Gallery (com_treeg) コンポーネントの admin.treeg.php には、register_globals が有効な際、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2008-6482 36595 6.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004214.html  View