RSS   Podatności dla 'Scrutinizer'   RSS

2014-07-16
 
CVE-2014-4977

CWE-89
 

 
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.

 
 
CVE-2014-4976

CWE-264
 

 
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.

 
2012-07-31
 
CVE-2012-3951

CWE-89
 

 
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.

 
 
CVE-2012-3848

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.

 
 
CVE-2012-2627

 

 
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.

 
 
CVE-2012-2626

CWE-287
 

 
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.

 
2012-07-30
 
CVE-2012-2962

CWE-89
 

 
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.

 

 >>> Vendor: Sonicwall 41 Produkty
Soho firewall
Soho2
Tele2
Firmware
SOHO
Content filtering
Soho3
Pro100
Pro200
Pro300
Ssl vpn
Ssl vpn2000/4000
Ssl vpn 200
Global vpn client
E-mail security
Sonicos
E-class ssl vpn
Email security
Ssl-vpn end-point interrogator/installer activex control
Web application firewall
Aventail sra ex virtual appliance
Aventail sra ex6000
Aventail sra ex7000
Aventail sra ex9000
Email security appliance
Scrutinizer
Analyzer
Global management system
Uma e5000 firmware
Network security appliance 2400
Uma em5000
Netextender firmware
Uma em5000 firmware
Viewpoint
Cloud global management system
Secure mobile access
Sonicosv
Universal management appliance
Netextender
Sma 500v
Hosted email security


Copyright 2024, cxsecurity.com

 

Back to Top