
CVE-2019-8917
https://notcve.org/view.php?id=CVE-2019-8917
18 Feb 2019 — SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user. • http://www.securityfocus.com/bid/107061 •

CVE-2017-9537 – SolarWinds Network Performance Monitor 12.0.15300.90 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-9537
29 Sep 2017 — Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. SolarWinds N... • https://packetstorm.news/files/id/144411 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-9538 – SolarWinds Network Performance Monitor 12.0.15300.90 Denial of Service
https://notcve.org/view.php?id=CVE-2017-9538
29 Sep 2017 — The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism. • https://packetstorm.news/files/id/144412 • CWE-20: Improper Input Validation •

CVE-2014-9566 – Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation
https://notcve.org/view.php?id=CVE-2014-9566
03 Mar 2015 — Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, ... • https://packetstorm.news/files/id/180603 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2012-4939 – SolarWinds Orion IP Address Manager (IPAM) - 'search.aspx' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4939
31 Oct 2012 — Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field. • https://www.exploit-db.com/exploits/37995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-2577 – SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2577
12 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file. • https://www.exploit-db.com/exploits/20011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-2602 – SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2602
12 Aug 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx. • https://www.exploit-db.com/exploits/20011 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2010-4828
https://notcve.org/view.php?id=CVE-2010-4828
24 Aug 2011 — Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx. • http://secunia.com/advisories/42486 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •