Tableau server suffers from a remote blind SQL injection vulnerability. Versions 8.1.X before 8.1.2 and 8.0.X before 8.0.7 are affected.
ebf6b43d894838fe1a6ca916802d8cfcb730ad9a2026321cedbb90facb145ccd
This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.
61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612
Scrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
86781806a8d76416882371c450d483f0f4d9a6334ea56d9463f55a227d424643