CVE-2014-4976
- EPSS 2.74%
- Veröffentlicht 16.07.2014 14:19:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.
CVE-2014-4977
- EPSS 74.93%
- Veröffentlicht 16.07.2014 14:19:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_i...
CVE-2012-3848
- EPSS 2.49%
- Veröffentlicht 31.07.2012 10:45:42
- Zuletzt bearbeitet 16.06.2026 23:44:00
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2...
CVE-2012-3951
- EPSS 52%
- Veröffentlicht 31.07.2012 10:45:42
- Zuletzt bearbeitet 16.06.2026 23:44:06
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands v...
- EPSS 44.46%
- Veröffentlicht 31.07.2012 10:45:41
- Zuletzt bearbeitet 16.06.2026 23:41:46
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
CVE-2012-2627
- EPSS 5.73%
- Veröffentlicht 31.07.2012 10:45:41
- Zuletzt bearbeitet 16.06.2026 23:41:46
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
CVE-2012-2962
- EPSS 66.83%
- Veröffentlicht 30.07.2012 22:55:03
- Zuletzt bearbeitet 16.06.2026 23:42:25
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.