Page 2 of 8 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. Network Performance Monitor versión 12.3 de SolarWinds, permite la inyección SQL por medio del parámetro TriggeringObjectEntityNames del archivo /api/ActiveAlertsOnThisEntity/GetActiveAlerts. • https://labs.nettitude.com/blog/cve-2018-13442-solarwinds-npm-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism. La función "Upload logo from external path" de SolarWinds Network Performance Monitor en su versión 12.0.15300.90 permite que los atacantes remotos provoquen una denegación de servicio (muestra permanente de un mensaje de error "Cannot exit above the top directory" en toda la aplicación web) mediante un ".." en el campo path. En otras palabras, la denegación de servicio es provocada por una implementación incorrecta de un mecanismo de protección contra saltos de directorio. SolarWinds Network Performance Monitor version 12.0.15300.90 suffers from a denial of service vulnerability. • http://www.securityfocus.com/archive/1/541263/100/0/threaded http://www.securityfocus.com/bid/101066 • CWE-20: Improper Input Validation •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente en la función Add Node de SolarWinds Network Performance Monitor en su versión 12.0.15300.90 que permite que los atacantes remotos introduzcan código JavaScript arbitrario en varios parámetros vulnerables. SolarWinds Network Performance Monitor version 12.0.15300.90 suffers from a cross site scripting vulnerability. • http://www.securityfocus.com/archive/1/541262/100/0/threaded http://www.securityfocus.com/bid/101071 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •