This will add an administrative account to Scrutinizer NetFlow and sFlow Analyzer without any authentication. Versions such as 9.0.1 or older are affected.
49a2f85914fe62a59a5b35436be0129aeb6f0625b2437d7ef4016b0001eb50ea
Tableau server suffers from a remote blind SQL injection vulnerability. Versions 8.1.X before 8.1.2 and 8.0.X before 8.0.7 are affected.
ebf6b43d894838fe1a6ca916802d8cfcb730ad9a2026321cedbb90facb145ccd
This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.
61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612
Scrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
86781806a8d76416882371c450d483f0f4d9a6334ea56d9463f55a227d424643