CVE-2009-4849
ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 - Cross-Site Request Forgery
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4849. PoCs published by Alberto Trivero.
AI-analyzed exploit summary: This advisory details multiple vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882, including XSS, CSRF, directory traversal, information leakage, and remote code execution via exposed JBoss consoles. It provides proof-of-concept examples for each vulnerability but does not include functional exploit code.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shut down a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity.