Files

Dell Sonicwall Scrutinizer 11.01 Code Execution / SQL Injection
Posted Jul 10, 2014
Authored by Brandon Perry

Dell Sonicwall Scrutinizer version 11.01 is vulnerable to an authenticated SQL injection that allows an attacker to write arbitrary files to the file system. This vulnerability can be used to write a PHP script to the file system to gain remote command execution. Metasploit module included. Dell contacted Packet Storm on 07/14/2014 to let us know that release 11.5.2 has been made available to address this issue.

tags | exploit, remote, arbitrary, php, sql injection
SHA-256 | e6844166557a62dfe434032eb24092085e6956f068dc06377704ee9ecd4283d7

Related Files

Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
Posted May 17, 2016
Authored by sinn3r, Brandon Perry | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

tags | exploit, remote, arbitrary, php, code execution, sql injection
systems | linux, windows
advisories | CVE-2014-4977
SHA-256 | 46eef5e2e82adcace1eb86cca34fa1691dfc435af8857a0821e91b120976f5fc

Dell SonicWall Scrutinizer 11.0.1 SQL Injection / Code Execution
Posted May 10, 2016
Authored by mr_me, Brandon Perry

A setUserSkin/deleteTab SQL injection / remote code execution exploit for Dell SonicWall Scrutinizer versions 11.0.1 and below that leverages a vulnerability found by Brandon Perry in July of 2014.

tags | exploit, remote, code execution, sql injection
SHA-256 | 6dc759bc14a238d30a49e98bea0afabd99f1ed4bda69fec060f0fc09e8cf5e1a

DELL Scrutinizer 12.0.3 Cross Site Scripting
Posted Dec 22, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

DELL Scrutinizer version 12.0.3 suffers from a persistent script insertion vulnerability.

tags | exploit
SHA-256 | 90ecd7a57fd5dd1c8a16a15c21ddf77a0a61b4c26758289c9db26bda4b158d93

Sonicwall OEM Scrutinizer 9.5.2 Cross Site Scripting
Posted Feb 14, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Sonicwall OEM Scrutinizer version 9.5.2 suffers from multiple persistent script insertion vulnerabilities that can allow for cross site scripting.

tags | exploit, vulnerability, xss
SHA-256 | 58a2553eeb09eb1fb2fba9ea4f07d62b4521f18431bfed9b42718e241b4be423

Sonicwall Scrutinizer 9.5.2 SQL Injection
Posted Feb 13, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Sonicwall Scrutinizer version 9.5.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9fe429f76aeb5253943a20e0ae97a9628967b1e8617af19736b039801eb83c17

Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
Posted Aug 8, 2012
Authored by sinn3r, Mario Ceballos, Jonathan Claudius, Tanya Secker | Site metasploit.com

This exploits an insecure configuration found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL and binds the service to "0.0.0.0". This allows any remote user to log in to MySQL and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include 'scrutinizer:admin' and 'scrutremote:admin'.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2012-3951, OSVDB-84317
SHA-256 | 61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612

Dell SonicWALL Scrutinizer 9 SQL Injection
Posted Aug 3, 2012
Authored by muts, sinn3r, Devon Kearns | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dell SonicWall Scrutinizer. While handling the 'q' parameter, the PHP application does not properly filter the user-supplied data, which can be manipulated to inject SQL commands, and then gain remote code execution. Please note that authentication is NOT needed to exploit this vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2012-2962, OSVDB-84232
SHA-256 | 2fd37f85b3b97b8f8c3c3028dc3ce694832b09af2ec361d954d869e453380a88

Secunia Security Advisory 50074
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Scrutinizer NetFlow and sFlow Analyzer, which can be exploited by malicious, local users to bypass certain security restrictions.

tags | advisory, local
SHA-256 | eb4bc7c7983fbc936d2f8fc9acc61b3ad6789d493a3111747661dfc717954d3c

Scrutinizer NetFlow / sFlow Analyzer 9.0.1 XSS / Bypass / File Upload
Posted Jul 29, 2012
Authored by Mario Ceballos, Jonathan Claudius | Site trustwave.com

Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.

tags | exploit, remote, vulnerability, xss, file upload
advisories | CVE-2012-2626, CVE-2012-2627, CVE-2012-3848, CVE-2012-3951
SHA-256 | 5bbd69706e38d6f70c41925cdab4681651c0862b6cc58df5c29389f62daf07d3

Secunia Security Advisory 50052
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - muts has reported a vulnerability in Dell SonicWALL Scrutinizer, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | f0ccb5e2b55c245c40ea03dc1aecbb75726164ee9f5337b0ea7f906740a46718

Dell SonicWALL Scrutinizer 9.0.1 SQL Injection
Posted Jul 22, 2012
Authored by muts

Dell SonicWALL Scrutinizer version 9.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-2962
SHA-256 | 51f8331d268be99ec1bf0765163b49d3c86e2071fd657509a74930a28343e6f9

Secunia Security Advisory 48761
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Tanya Secker has discovered multiple vulnerabilities in Scrutinizer NetFlow and sFlow Analyzer, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks and bypass certain security restrictions.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | d2d4ed57a43dd9a9f773f04f9cecd8ae974304d7813230da246b204b04424cf3

Scrutinizer 8.6.2 Bypass / Cross Site Scripting / SQL Injection
Posted Apr 12, 2012
Authored by Tanya Secker | Site trustwave.com

Scrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2012-1258, CVE-2012-1259, CVE-2012-1260, CVE-2012-1261
SHA-256 | 86781806a8d76416882371c450d483f0f4d9a6334ea56d9463f55a227d424643

Secunia Security Advisory 48795
Posted Apr 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Tanya Secker has discovered a vulnerability in Scrutinizer NetFlow and sFlow Analyzer, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | b2ff4d749daacd17a86c4b8616be739c564b76c8235bf5d349e1a31bd76f1ba2

scrutinizer-1.03.tar.gz
Posted Jan 11, 2005
Authored by Markus Roth | Site solutix.ch

The scrutinizer toolkit is designed to protect Web servers from HTTP (D)DoS attacks. It is a toolkit consisting of an analysis engine which analyzes Web server access logfiles in almost real time, an Apache module which is able to block wrongdoers on the Web server, an extension to block offenders with netfilter firewalls, and a set of visualization tools. The analysis engine uses statistical anomaly detection to expose offenders. The engine has to be trained with old log files so that it can adapt itself to your system.

Changes: Bugfix release.
tags | web, denial of service
SHA-256 | fe8229e6e1ba3f1138f6fe88ad1f3fe367b3d0b464201a4e94efcfcf33a39440

scrutinizer-1.02.tar.gz
Posted Dec 31, 2004
Authored by Markus Roth | Site solutix.ch

The scrutinizer toolkit is designed to protect Web servers from HTTP (D)DoS attacks. It is a toolkit consisting of an analysis engine which analyzes Web server access logfiles in almost real time, an Apache module which is able to block wrongdoers on the Web server, an extension to block offenders with netfilter firewalls, and a set of visualization tools. The analysis engine uses statistical anomaly detection to expose offenders. The engine has to be trained with old log files so that it can adapt itself to your system.

tags | web, denial of service
SHA-256 | 3b5c3fcb0185c82c422da19ec48bef0aa8aa70190c1c6004f02a7d7f8184948d