Filtered by vendor Plixer
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28993 | 1 Plixer | 1 Scrutinizer | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). | |||||
CVE-2012-1259 | 1 Plixer | 1 Scrutinizer Netflow \& Sflow Analyzer | 2020-01-24 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter. | |||||
CVE-2012-1260 | 1 Plixer | 1 Scrutinizer Netflow \& Sflow Analyzer | 2020-01-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script. | |||||
CVE-2012-1258 | 1 Plixer | 1 Scrutinizer Netflow \& Sflow Analyzer | 2020-01-22 | 4.0 MEDIUM | 6.5 MEDIUM |
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters. | |||||
CVE-2012-1261 | 1 Plixer | 1 Scrutinizer Netflow \& Sflow Analyzer | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter. |