40 matches found
EUVD-2014-4891
Malware in sbrugna...
Dell SonicWALL Scrutinizer methodDetail SQL Injection (CVE-2014-4977)
An SQL injection vulnerability exists in Dell SonicWALL Scrutinizer. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of SYSTEM for windows or as Apache f...
Dell SonicWALL Scrutinizer 11.01 - methodDetail SQL Injection (Metasploit)
Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection",...
Dell SonicWALL Scrutinizer 11.01 - methodDetail SQL Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection", 'Description' = %q This module exploits a vulnerability found in...
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
This module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache f...
CVE-2014-4977
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the 2 userid parameter in the changeUnit function, 3 methodDeta...
Sql injection
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the 2 userid parameter in the changeUnit function, 3 methodDeta...
CVE-2014-4977
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the 2 userid parameter in the changeUnit function, 3 methodDeta...
Dell Sonicwall Scrutinizer 11.01 Code Execution / SQL Injection
Dell Sonicwall Scrutinizer version 11.01 is vulnerable to an authenticated SQL injection that allows an attacker to write arbitrary files to the file system. This vulnerability can be used to write a PHP script to the file system to gain remote command execution. Metasploit module included. Dell...
Dell Sonicwall Scrutinizer 11.01 Code Execution / SQL Injection
Dell Scrutinizer 11.01 several vulnerabilities http://www.mysonicwall.com has a trial available. Dell Sonicwall Scrutinizer suffers from several SQL injections, many of which can end up with remote code execution. An attacker needs to be authenticated, but not as an administrator. However, that...
Dell SonicWALL Scrutinizer 9 SQL Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Dell SonicWALL Scrutinizer 9.0.1 (statusFilter.php q parameter) SQL Injection
No description provided by source. !/usr/bin/python Exploit Title: Dell SonicWALL Scrutinizer 9.0.1 statusFilter.php q parameter SQL Injection Date: Jul 22 2012 Author: muts Version: SonicWALL Scrutinizer 9.0.1 Vendor URL: http://www.sonicwall.com Special thanks to: Tal Zeltzer Timeline: 12 Jun...
Sonicwall Scrutinizer 9.5.2 - SQL Injection Vulnerability
No description provided by source. Title: ====== Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: ===== 2013-02-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=789 9984: Investigate Vulnerability Lab issues this ticket included tracking the creation o...
SonicWALL Scrutinizer 9.0.1 alarms.php SQL Injection
SQL Injection vulnerability in alarms.php Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability
Title: ====== Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: ===== 2013-02-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=789 9984: Investigate Vulnerability Lab issues this ticket included tracking the creation of our DBI shim to error on semi-col...
Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities
Title: ====== Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities Date: ===== 2013-02-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=786 VL-ID: ===== 786 Common Vulnerability Scoring System: ==================================== 5.2 Introduction: ============...
Dell SonicWALL Scrutinizer - Multiple HTML Injection Vulnerabilities
Dell SonicWALL Scrutinizer - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/57949/info The Dell SonicWALL Scrutinizer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow...
Dell SonicWALL Scrutinizer - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/57949/info The Dell SonicWALL Scrutinizer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the...
SonicWALL Scrutinizer 9.5.2 - SQL Injection
Title: ====== Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: ===== 2013-02-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=789 9984: Investigate Vulnerability Lab issues this ticket included tracking the creation of our DBI shim to error on semi-col...
Sonicwall Scrutinizer 9.5.2 SQL Injection
Title: ====== Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: ===== 2013-02-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=789 9984: Investigate Vulnerability Lab issues this ticket included tracking the creation of our DBI shim to error on semi-col...