CVE-2012-2576 – SolarWinds Storage Manager 5.1.0 - Remote SYSTEM SQL Injection
https://notcve.org/view.php?id=CVE-2012-2576
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. Vulnerabilidad de inyección SQL en la página LoginServlet en SolarWinds Storage Manager en versiones anteriores a la 5.1.2, SolarWinds Storage Profiler en versiones anteriores a la 5.1.2 y SolarWinds Backup Profiler en versiones anteriores a la 5.1.2 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el campo loginName. • https://www.exploit-db.com/exploits/18818 http://www.exploit-db.com/exploits/18818 http://www.exploit-db.com/exploits/18833 http://www.securityfocus.com/bid/51639 http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/72680 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-9538 – SolarWinds Network Performance Monitor 12.0.15300.90 Denial Of Service
https://notcve.org/view.php?id=CVE-2017-9538
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism. La función "Upload logo from external path" de SolarWinds Network Performance Monitor en su versión 12.0.15300.90 permite que los atacantes remotos provoquen una denegación de servicio (muestra permanente de un mensaje de error "Cannot exit above the top directory" en toda la aplicación web) mediante un ".." en el campo path. En otras palabras, la denegación de servicio es provocada por una implementación incorrecta de un mecanismo de protección contra saltos de directorio. SolarWinds Network Performance Monitor version 12.0.15300.90 suffers from a denial of service vulnerability. • http://www.securityfocus.com/archive/1/541263/100/0/threaded http://www.securityfocus.com/bid/101066 • CWE-20: Improper Input Validation •
CVE-2017-9537 – SolarWinds Network Performance Monitor 12.0.15300.90 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-9537
Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente en la función Add Node de SolarWinds Network Performance Monitor en su versión 12.0.15300.90 que permite que los atacantes remotos introduzcan código JavaScript arbitrario en varios parámetros vulnerables. SolarWinds Network Performance Monitor version 12.0.15300.90 suffers from a cross site scripting vulnerability. • http://www.securityfocus.com/archive/1/541262/100/0/threaded http://www.securityfocus.com/bid/101071 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-7722
https://notcve.org/view.php?id=CVE-2017-7722
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell. En SolarWinds Log & Event Manager (LEM) en versiones anteriores a 6.3.1 Hotfix 4, se encuentra un sistema de menús cuando se accede al servicio SSH con "cmc" y "password" (nombre de usuario y contraseña predeterminados). Al explotar una vulnerabilidad en la función restrictssh de la secuencia de comandos de menú, un atacante puede escapar del shell restringido. • https://pentest.blog/unexpected-journey-4-escaping-from-restricted-shell-and-gaining-root-access-to-solarwinds-log-event-manager-siem-product https://thwack.solarwinds.com/thread/111223 http://pentest.blog/unexpected-journey-4-escaping-from-restricted-shell-and-gaining-root-access-to-solarwinds-log-event-manager-siem-product • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2017-7647
https://notcve.org/view.php?id=CVE-2017-7647
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. SolarWinds Log & Event Manager (LEM) en versiones anteriores a 6.3.1 Hotfix 4 permite a un usuario autenticado ejecutar comandos arbitrarios. • https://thwack.solarwinds.com/thread/111223 •