Dell SonicWALL Scrutinizer version 9.0.1 suffers from a remote SQL injection vulnerability.
51f8331d268be99ec1bf0765163b49d3c86e2071fd657509a74930a28343e6f9This Metasploit module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.
46eef5e2e82adcace1eb86cca34fa1691dfc435af8857a0821e91b120976f5fcDell SonicWall Scrutinizer versions 11.0.1 and below setUserSkin/deleteTab SQL injection / remote code execution exploit that leverages a vulnerability found by Brandon Perry in July of 2014.
6dc759bc14a238d30a49e98bea0afabd99f1ed4bda69fec060f0fc09e8cf5e1aDELL Scrutinizer version 12.0.3 suffers from a persistent script insertion vulnerability.
90ecd7a57fd5dd1c8a16a15c21ddf77a0a61b4c26758289c9db26bda4b158d93Dell SonicWall NetExtender version 7.5.215 suffers from a privilege escalation vulnerability.
f0b514cab106db17e65e6afa1d98fdd80dad6bd4d518110c106cfcff55f1bcd3Dell SonicWALL Secure Remote Access (SRA) versions 7.5 prior to 7.5.1.0-38sv and 8.0 prior to 8.0.0.1-16sv proof of concept cross site request forgery exploit.
43de8c756761ce147782c91354af6256d2ae9d2f155a6b0b31f2d76188da9760DELL SonicWALL GMS version 7.2 build 7221.1701 suffers from multiple reflective cross site scripting vulnerabilities.
8c628a32636a204c5621e732a5912dbe9bec353645b48fb912eabe6942908969Dell Sonicwall Scrutinizer version 11.01 is vulnerable to an authenticated SQL injection that allows an attacker to write arbitrary files to the file system. This vulnerability can be used to write a PHP script to the file system to gain remote command execution. Metasploit module included. Dell contacted Packet Storm on 07/14/2014 to let us know that release 11.5.2 has been made available to address this issue.
e6844166557a62dfe434032eb24092085e6956f068dc06377704ee9ecd4283d7DELL SonicWALL Universal Management Suite version 7.x suffers from a cross site scripting vulnerability.
a8c4737ec215b212b1d12b5a72a696e6fec9b0cc2c369d4678452dd928251184Sonicwall OEM Scrutinizer version 9.5.2 suffers from multiple persistent script insertion vulnerabilities that can allow for cross site scripting.
58a2553eeb09eb1fb2fba9ea4f07d62b4521f18431bfed9b42718e241b4be423Sonicwall Scrutinizer version 9.5.2 suffers from a remote blind SQL injection vulnerability.
9fe429f76aeb5253943a20e0ae97a9628967b1e8617af19736b039801eb83c17This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.
61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612This Metasploit module exploits a vulnerability found in Dell SonicWall Scrutinizer. While handling the 'q' parameter, the PHP application does not properly filter the user-supplied data, which can be manipulated to inject SQL commands, and then gain remote code execution. Please note that authentication is NOT needed to exploit this vulnerability.
2fd37f85b3b97b8f8c3c3028dc3ce694832b09af2ec361d954d869e453380a88Secunia Security Advisory - A weakness has been discovered in Scrutinizer NetFlow and sFlow Analyzer, which can be exploited by malicious, local users to bypass certain security restrictions.
eb4bc7c7983fbc936d2f8fc9acc61b3ad6789d493a3111747661dfc717954d3cScrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.
5bbd69706e38d6f70c41925cdab4681651c0862b6cc58df5c29389f62daf07d3Secunia Security Advisory - muts has reported a vulnerability in Dell SonicWALL Scrutinizer, which can be exploited by malicious people to conduct SQL injection attacks.
f0ccb5e2b55c245c40ea03dc1aecbb75726164ee9f5337b0ea7f906740a46718Secunia Security Advisory - Tanya Secker has discovered multiple vulnerabilities in Scrutinizer NetFlow and sFlow Analyzer, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks and bypass certain security restrictions.
d2d4ed57a43dd9a9f773f04f9cecd8ae974304d7813230da246b204b04424cf3Scrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
86781806a8d76416882371c450d483f0f4d9a6334ea56d9463f55a227d424643Secunia Security Advisory - Tanya Secker has discovered a vulnerability in Scrutinizer NetFlow and sFlow Analyzer, which can be exploited by malicious people to bypass certain security restrictions.
b2ff4d749daacd17a86c4b8616be739c564b76c8235bf5d349e1a31bd76f1ba2The scrutinizer toolkit is designed to protect Web servers from HTTP (D)DoS attacks. It is a toolkit consisting of an analysis engine which analyzes Web server access logfiles in almost real time, an Apache module which is able to block wrongdoers on the Web server, an extension to block offenders with netfilter firewalls, and a set of visualization tools. The analysis engine uses statistical anomaly detection to expose offenders. The engine has to be trained with old log files so that it can adapt itself to your system.
fe8229e6e1ba3f1138f6fe88ad1f3fe367b3d0b464201a4e94efcfcf33a39440The scrutinizer toolkit is designed to protect Web servers from HTTP (D)DoS attacks. It is a toolkit consisting of an analysis engine which analyzes Web server access logfiles in almost real time, an Apache module which is able to block wrongdoers on the Web server, an extension to block offenders with netfilter firewalls, and a set of visualization tools. The analysis engine uses statistical anomaly detection to expose offenders. The engine has to be trained with old log files so that it can adapt itself to your system.
3b5c3fcb0185c82c422da19ec48bef0aa8aa70190c1c6004f02a7d7f8184948d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed