Page 34 of 256 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, no comprueba una ruta de argumento • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, maneja inapropiadamente el comando CHMOD • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •

CVSS: 9.0EPSS: 6%CPEs: 2EXPL: 0

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. Solarwinds Orion (con Web Console WPM versión 2019.4.1 y Orion Platform HF4 o NPM HF2 versión 2019.4), permite a atacantes remotos ejecutar código arbitrario por medio de un evento definido This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteVBScript method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://gist.github.com/alert3/c9dcce5474e55f408c93c086c30cdbb7 https://www.zerodayinitiative.com/advisories/ZDI-21-063 https://www.zerodayinitiative.com/advisories/ZDI-21-065 •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. Solarwinds Orion (con Web Console WPM versión 2019.4.1 y Orion Platform HF4 o NPM HF2 versión 2019.4), permite un ataque de tipo XSS por medio de un Equipo Responsable • https://gist.github.com/alert3/f8d33412ab0c671d3cac6a50b132a894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. Solarwinds Orion (con Web Console WPM versión 2019.4.1 y Orion Platform HF4 o NPM HF2 versión 2019.4), permite un ataque de tipo XSS por medio del nombre de una definición de alerta • https://gist.github.com/alert3/f8d33412ab0c671d3cac6a50b132a894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •