Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Scrutinizer'
2014-07-16
CVE-2014-4977
CWE-89
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.
CVE-2014-4976
CWE-264
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.
2012-07-31
CVE-2012-3951
CWE-89
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
CVE-2012-3848
CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
CVE-2012-2627
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
CVE-2012-2626
CWE-287
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
2012-07-30
CVE-2012-2962
CWE-89
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
>>>
Vendor:
Sonicwall
41
Products
Soho firewall
Soho2
Tele2
SOHO
Content filtering
Soho3
Firmware
Pro100
Pro200
Pro300
Ssl vpn
Ssl vpn2000/4000
Ssl vpn 200
Global vpn client
E-mail security
Sonicos
E-class ssl vpn
Ssl-vpn end-point interrogator/installer activex control
Aventail sra ex virtual appliance
Aventail sra ex6000
Aventail sra ex7000
Aventail sra ex9000
Email security appliance
Scrutinizer
Analyzer
Global management system
Uma e5000 firmware
Network security appliance 2400
Uma em5000
Netextender firmware
Uma em5000 firmware
Cloud global management system
Email security
Secure mobile access
Sonicosv
Web application firewall
Universal management appliance
Viewpoint
Netextender
Sma 500v
Hosted email security
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Scrutinizer' 