Filtered by vendor Solarwinds
Subscriptions
Total
274 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-3957 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-21 | 7.4 High |
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. | ||||
CVE-2019-20002 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 7.8 High |
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | ||||
CVE-2019-19829 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. | ||||
CVE-2019-17127 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 6.1 Medium |
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation. | ||||
CVE-2019-17125 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 6.1 Medium |
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. | ||||
CVE-2019-16961 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.4 Medium |
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. | ||||
CVE-2019-16960 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.4 Medium |
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. | ||||
CVE-2019-16959 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 6.5 Medium |
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | ||||
CVE-2019-16958 | 1 Solarwinds | 1 Help Desk | 2024-11-21 | 5.4 Medium |
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. | ||||
CVE-2019-16957 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 5.4 Medium |
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. | ||||
CVE-2019-16956 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.4 Medium |
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket. | ||||
CVE-2019-16955 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 5.4 Medium |
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. | ||||
CVE-2019-16954 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.4 Medium |
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. | ||||
CVE-2019-13182 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. | ||||
CVE-2019-13181 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | 6.5 Medium |
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. | ||||
CVE-2019-12954 | 1 Solarwinds | 2 Network Performance Monitor Orion Platform 2018 Netpath, Network Performance Monitor Orion Platform 2018 Npm | 2024-11-21 | 5.4 Medium |
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. | ||||
CVE-2019-12864 | 1 Solarwinds | 3 Netpath, Network Performance Monitor, Orion Platform | 2024-11-21 | 5.5 Medium |
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | ||||
CVE-2019-12863 | 1 Solarwinds | 3 Netpath, Network Performance Monitor, Orion Platform | 2024-11-21 | 4.8 Medium |
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | ||||
CVE-2019-12769 | 1 Solarwinds | 1 Serv-u Managed File Transfer | 2024-11-21 | 8.8 High |
SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters. | ||||
CVE-2019-12181 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2024-11-21 | 8.8 High |
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. |