Filtered by vendor Solarwinds Subscriptions
Total 274 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-3957 1 Solarwinds 1 Dameware Mini Remote Control 2024-11-21 7.4 High
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.
CVE-2019-20002 1 Solarwinds 1 Webhelpdesk 2024-11-21 7.8 High
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
CVE-2019-19829 1 Solarwinds 1 Serv-u Ftp Server 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.
CVE-2019-17127 1 Solarwinds 1 Orion Platform 2024-11-21 6.1 Medium
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.
CVE-2019-17125 1 Solarwinds 1 Orion Platform 2024-11-21 6.1 Medium
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.
CVE-2019-16961 1 Solarwinds 1 Web Help Desk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
CVE-2019-16960 1 Solarwinds 1 Web Help Desk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.
CVE-2019-16959 1 Solarwinds 1 Webhelpdesk 2024-11-21 6.5 Medium
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
CVE-2019-16958 1 Solarwinds 1 Help Desk 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.
CVE-2019-16957 1 Solarwinds 1 Webhelpdesk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
CVE-2019-16956 1 Solarwinds 1 Web Help Desk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
CVE-2019-16955 1 Solarwinds 1 Webhelpdesk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
CVE-2019-16954 1 Solarwinds 1 Web Help Desk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
CVE-2019-13182 1 Solarwinds 1 Serv-u Ftp Server 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.
CVE-2019-13181 1 Solarwinds 1 Serv-u Ftp Server 2024-11-21 6.5 Medium
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.
CVE-2019-12954 1 Solarwinds 2 Network Performance Monitor Orion Platform 2018 Netpath, Network Performance Monitor Orion Platform 2018 Npm 2024-11-21 5.4 Medium
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.
CVE-2019-12864 1 Solarwinds 3 Netpath, Network Performance Monitor, Orion Platform 2024-11-21 5.5 Medium
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.
CVE-2019-12863 1 Solarwinds 3 Netpath, Network Performance Monitor, Orion Platform 2024-11-21 4.8 Medium
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.
CVE-2019-12769 1 Solarwinds 1 Serv-u Managed File Transfer 2024-11-21 8.8 High
SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
CVE-2019-12181 1 Solarwinds 2 Serv-u Ftp Server, Serv-u Mft Server 2024-11-21 8.8 High
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.