CVE-2014-3322

Cisco IOS XR on ASR 9000 devices is affected by a NetFlow processing DoS caused by improper sampling of malformed IPv4/IPv6 packets (Bug CSCuo68417). The issue affects Typhoon-based line cards and can cause a lockup and reload of the Network Processor chip and line card when processing malicious ...

CVE-2014-3322

Cisco IOS XR 4.3.2 and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service chip and card hangs via malformed 1 IPv4 or 2 IPv6 packets, aka Bug ID CSCuo68417...

Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability

A vulnerability in NetFlow processing in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a Network Processor NP chip and a line card processing traffic. The vulnerability is due to...

NetFlow Analyzer 5 /jspui/customReport.jsp rtype Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/24766/info NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...

NetFlow Analyzer 5 /jspui/appConfig.jsp task Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/24766/info NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...

NetFlow Analyzer 5 netflow/jspui/index.jsp view Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/24766/info NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...

Scrutinizer NetFlow & sFlow Analyzer - Multiple Vulnerabilities

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer International...

Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

NetFlow Analyzer 4 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15127/info NetFlow Analyzer 4 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

NetFlow Analyzer 5 /jspui/applicationList.jsp alpha Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/24766/info NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...

NetFlow Analyzer 5 /jspui/selectDevice.jsp rtype Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/24766/info NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...

Vulnerability Management: Think Like an Attacker to Prioritize Risks

Attackers care about ROI – they want to accomplish their objective with the least investment of time and resources possible. The same is true for you - to most effectively manage vulnerabilities, you need to think like an attacker. Ask yourself: How would you go about compromising systems,...

Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential (CVE-2012-3951)

An insecure default credentials config has been reported in Plixer Scrutinizer. The vulnerability is due to an insecure config of default credentials in the MySQL server. The attacker could log into MySQL server with the default credentials, and then gain arbitrary remote code execution...

Scrutinizer < 10.1.2 Multiple Vulnerabilities

The version of Scrutinizer NetFlow and sFlow Analyzer running on the remote host is a version prior to 10.1.2, and is, therefore, potentially affected by the following vulnerabilities : - A blind SQL injection vulnerability exists because the 'orderby' and 'gadget' parameters of 'faweb.cgi' fail ...

Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass (CVE-2012-2626)

An authentication bypass vulnerability has been reported in Plixer Scrutinizer NetFlow and sFlow Analyzer...

TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow &amp; sFlow Analyzer

Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Published: 07/27/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 Build...

Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Plixer Scrutinize...

Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass

This will add an administrative account to Scrutinizer NetFlow and sFlow Analyzer without any authentication. Versions such as 9.0.1 or older are affected. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential

This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of...