Plixer Scrutinizer Netflow Sflow Analyzer vulnerabilities
4 known vulnerabilities affecting plixer/scrutinizer_netflow_sflow_analyzer.
Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2012-1259P2CRITICALCVSS 9.8PoC≥ 8.6.2.16204, < 9.0.1.198992020-01-09
CVE-2012-1259 [CRITICAL] CWE-89 CVE-2012-1259: Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3)
nvd
CVE-2012-1258P3MEDIUMCVSS 6.5PoCfixed in 9.0.1.198992020-01-09
CVE-2012-1258 [MEDIUM] CWE-287 CVE-2012-1258: cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.1989
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.
nvd
CVE-2012-1260P3MEDIUMCVSS 6.1PoC≥ 8.6.2.16204, < 9.0.1.198992020-01-09
CVE-2012-1260 [MEDIUM] CWE-79 CVE-2012-1260: Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinize
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might alread
nvd
CVE-2012-1261P3MEDIUMCVSS 6.1PoC≤ 8.6.2.162042020-01-09
CVE-2012-1261 [MEDIUM] CWE-79 CVE-2012-1261: Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter.
nvd