3 matches found
Dell SonicWALL Scrutinizer 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution
!/usr/local/bin/python """ Dell SonicWall Scrutinizer Summary: ======== This exploits an pre-auth SQL Injection in the login.php script within an update statement to steal session data. You could also steal login creds which require absolutely no hash cracking since the target uses symmetric...
Default credentials
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi...
CVE-2014-4977
Summary: CVE-2014-4977 affects Dell SonicWALL Scrutinizer 11.0.1. Multiple SQL injection vulnerabilities in exporters.php (parameters: selectedUserGroup in admin.cgi, user_id in changeUnit, methodDetail, xcNetworkDetail) allow a remote authenticated attacker to manipulate SQL queries. Public refe...