Filtered by vendor Solarwinds
Subscriptions
Total
269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17127 | 1 Solarwinds | 1 Orion Platform | 2024-08-05 | 6.1 Medium |
| A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation. | ||||
| CVE-2019-17125 | 1 Solarwinds | 1 Orion Platform | 2024-08-05 | 6.1 Medium |
| A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. | ||||
| CVE-2019-16959 | 1 Solarwinds | 1 Webhelpdesk | 2024-08-05 | 6.5 Medium |
| SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | ||||
| CVE-2019-16957 | 1 Solarwinds | 1 Webhelpdesk | 2024-08-05 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. | ||||
| CVE-2019-16956 | 1 Solarwinds | 1 Web Help Desk | 2024-08-05 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket. | ||||
| CVE-2019-16961 | 1 Solarwinds | 1 Web Help Desk | 2024-08-05 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. | ||||
| CVE-2019-16960 | 1 Solarwinds | 1 Web Help Desk | 2024-08-05 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. | ||||
| CVE-2019-16954 | 1 Solarwinds | 1 Web Help Desk | 2024-08-05 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. | ||||
| CVE-2019-16955 | 1 Solarwinds | 1 Webhelpdesk | 2024-08-05 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. | ||||
| CVE-2019-16958 | 1 Solarwinds | 1 Help Desk | 2024-08-05 | 5.4 Medium |
| Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. | ||||
| CVE-2019-13182 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. | ||||
| CVE-2019-13181 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-08-04 | 6.5 Medium |
| A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. | ||||
| CVE-2019-12954 | 1 Solarwinds | 2 Network Performance Monitor Orion Platform 2018 Netpath, Network Performance Monitor Orion Platform 2018 Npm | 2024-08-04 | 5.4 Medium |
| SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. | ||||
| CVE-2019-12863 | 1 Solarwinds | 3 Netpath, Network Performance Monitor, Orion Platform | 2024-08-04 | 4.8 Medium |
| SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | ||||
| CVE-2019-12864 | 1 Solarwinds | 3 Netpath, Network Performance Monitor, Orion Platform | 2024-08-04 | 5.5 Medium |
| SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | ||||
| CVE-2019-12769 | 1 Solarwinds | 1 Serv-u Managed File Transfer | 2024-08-04 | 8.8 High |
| SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters. | ||||
| CVE-2019-12181 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2024-08-04 | 8.8 High |
| A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. | ||||
| CVE-2019-9546 | 1 Solarwinds | 1 Orion Platform | 2024-08-04 | N/A |
| SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. | ||||
| CVE-2019-9017 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-08-04 | 7.5 High |
| DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. | ||||
| CVE-2019-8917 | 1 Solarwinds | 1 Orion Network Performance Monitor | 2024-08-04 | N/A |
| SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user. | ||||