CVSS: 10.0EPSS: 47%CPEs: 1EXPL: 0CVE-2016-4350 – SolarWinds Storage Resource Monitor Profiler Module XiotechMonitorServlet SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4350
28 Apr 2016 — Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the Back... • http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2015-8220 – SolarWinds DameWare Mini Remote Control URI Handler Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8220
10 Nov 2015 — Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link. Desbordamiento de buffer basado en pila en el manejador URI en DWRCC.exe, en SolarWinds DameWare Mini Remote Control en versiones anteriores a 12.0 HotFix 1, permite a atacantes remotos ejecutar código arbitrario a través de un argumento de línea de comandos manipulado en un enlace. This vul... • http://www.zerodayinitiative.com/advisories/ZDI-15-555 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 19%CPEs: 1EXPL: 0CVE-2015-7840 – Gentoo Linux Security Advisory 201603-11
https://notcve.org/view.php?id=CVE-2015-7840
15 Oct 2015 — The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature. La consola de administración de linea de comandos (CMC) en SolarWinds Log y Event Manager (LEM) en versiones anteriores a 6.2.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados involucrando la funcionalidad ping. Multiple vulnerabilities have been found in Oracle's JRE... • http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 16%CPEs: 1EXPL: 0CVE-2015-7838 – Solarwinds Storage Manager ProcessFileUpload.jsp File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7838
07 Oct 2015 — ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors. ProcessFileUpload.jsp en SolarWinds Storage Manager en versiones anteriores a 6.2 permite a atacantes remotos cargar y ejecutar archivos arbitrarios a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Storage Manager. Authentication is not required to exploit this... • http://www.solarwinds.com/documentation/srm/docs/releasenotes/releasenotes.htm • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0CVE-2015-7839 – Solarwinds Log and Event Manager Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7839
07 Oct 2015 — SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality. SolarWinds Log y Event Manager (LEM) permite a atacantes remotos ejecutar comandos arbitrarios en ordenadores gestionados a través de una petición a services/messagebroker/nonsecurestreamingamf implicando la funcionalidad traceroute. This vulnerability allows remote attackers to execute arbitrar... • http://www.zerodayinitiative.com/advisories/ZDI-15-461 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5610
https://notcve.org/view.php?id=CVE-2015-5610
21 Jul 2015 — The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation. Vulnerabilidad en el servicio RSM (también conocido como RSMWinService) en SolarWinds N-Able N-Central anterior... • http://www.kb.cert.org/vuls/id/912036 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 83%CPEs: 1EXPL: 0CVE-2015-5371 – SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5371
30 Jun 2015 — The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors. La clase AuthenticationFilter en SolarWinds Storage Manager permite a atacantes remotos subir y ejecutar secuencias de comandos arbitrarias a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerab... • http://www.securityfocus.com/bid/75515 •
CVSS: 10.0EPSS: 80%CPEs: 1EXPL: 2CVE-2015-2284 – SolarWinds Firewall Security Manager userlogin.jsp Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2284
13 Mar 2015 — userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling. userlogin.jsp en SolarWinds Firewall Security Manager (FSM) anterior a 6.6.5 HotFix1 permite a atacantes remotos ganar privilegios y ejecutar código arbitrario a través de vectores no especificados, relacionado con el manejo de la sesión del cliente. This vulnerability allows remote attackers to exe... • https://packetstorm.news/files/id/131301 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 78%CPEs: 8EXPL: 7CVE-2014-9566 – Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation
https://notcve.org/view.php?id=CVE-2014-9566
03 Mar 2015 — Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, ... • https://packetstorm.news/files/id/180603 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 42%CPEs: 1EXPL: 0CVE-2015-1500 – SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl graphManager.load Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1500
10 Feb 2015 — Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load. Múltiples desbordamientos de buffer basado en pila en TSUnicodeGraphEditorControl en SolarWinds Server and Application Monitor (SAM) permiten a atacantes remotosw ejecutar código arbitrario a través de vectores no especificados en (1) cargar graphManager.o (2) cargar f... • http://www.zerodayinitiative.com/advisories/ZDI-15-042 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •