CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41261
https://notcve.org/view.php?id=CVE-2023-41261
An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results. Se descubrió un problema en /fcgi/scrut_fcgi.fcgi en Plixer Scrutinizer antes de 19.3.1. La acción de endpoint csvExportReport generateCSV no requiere autenticación y permite a un usuario no autenticado exportar un informe y acceder a los resultados. • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41262
https://notcve.org/view.php?id=CVE-2023-41262
An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server. Se descubrió un problema en /fcgi/scrut_fcgi.fcgi en Plixer Scrutinizer antes de 19.3.1. La acción de endpoint csvExportReport generateCSV es vulnerable a la inyección de SQL a través del parámetro de clasificación, lo que permite a un usuario no autenticado ejecutar declaraciones SQL arbitrarias en el contexto del servidor de base de datos backend de la aplicación. • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41263
https://notcve.org/view.php?id=CVE-2023-41263
An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information. Se descubrió un problema en Plixer Scrutinizer antes de la versión 19.3.1. Expone registros de depuración a usuarios no autenticados en la ruta URL /debug/. • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28993
https://notcve.org/view.php?id=CVE-2021-28993
Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). Plixer Scrutinizer versión 19.0.2, está afectado por una Inyección SQL. El impacto es: obtención de información confidencial (remota) • http://plixer.com https://docs.plixer.com/projects/scrutinizer/en/19.1.0/system/changelog.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2012-1261 – Scrutinizer NetFlow & sFlow Analyzer - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1261
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo cgi-bin/scrut_fa_exclusions.cgi en Plixer International Scrutinizer NetFlow and sFlow Analyzer versión 8.6.2.16204 y otras versiones anteriores a 9.0.1.19899, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro standalone. Scrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/18750 http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html http://www.exploit-db.com/exploits/18750 http://www.securityfocus.com/bid/52989 https://exchange.xforce.ibmcloud.com/vulnerabilities/74827 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •