CVSS: 7.5EPSS: 96%CPEs: 8EXPL: 5CVE-2014-9566 – SolarWinds Orion Service - SQL Injection
https://notcve.org/view.php?id=CVE-2014-9566
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint. Múltiples vulnerabilidades de inyección SQL en la página Manage Accounts en el servicio AccountManagement.asmx en Solarwinds Orion Platform 2015.1, utilizado en Network Performance Monitor (NPM) anterior a 11.5, NetFlow Traffic Analyzer (NTA) anterior a 4.1, Network Configuration Manager (NCM) anterior a 7.3.2, IP Address Manager (IPAM) anterior a 4.3, User Device Tracker (UDT) anterior a 3.2, VoIP & Network Quality Manager (VNQM) anterior a 4.2, Server & Application Manager (SAM) anterior a 6.2, Web Performance Monitor (WPM) anterior a 2.2, y posiblemente otros productos Solarwinds, permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro (1) dir o (2) sort en el endpoint (a) GetAccounts o (b) GetAccountGroups. Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address Manager below version 4.3, User Device Tracker below version 3.2, VoIP • https://www.exploit-db.com/exploits/36262 http://osvdb.org/show/osvdb/118746 http://packetstormsecurity.com/files/130637/Solarwinds-Orion-Service-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Mar/18 http://volatile-minds.blogspot.com/2015/02/authenticated-stacked-sql-injection-in.html http://www.exploit-db.com/exploits/36262 http://www.solarwinds.com/documentation/orion/docs/releasenotes/releasenotes.htm https://github.com/rapid7/metasploit-framework/pull/4836 - • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 93%CPEs: 1EXPL: 0CVE-2015-1500 – SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl graphManager.load Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1500
Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load. Múltiples desbordamientos de buffer basado en pila en TSUnicodeGraphEditorControl en SolarWinds Server and Application Monitor (SAM) permiten a atacantes remotosw ejecutar código arbitrario a través de vectores no especificados en (1) cargar graphManager.o (2) cargar factory. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the 'graphManager' object's load method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. • http://www.zerodayinitiative.com/advisories/ZDI-15-042 http://www.zerodayinitiative.com/advisories/ZDI-15-044 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 50%CPEs: 1EXPL: 0CVE-2015-1501 – SolarWinds Server and Application Monitor TSUnicodeGraphEditorControl factory.loadExtensionFactory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1501
The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary. La función factory.loadExtensionFactory en TSUnicodeGraphEditorControl en SolarWinds Server and Application Monitor (SAM) permite a atacantes remotos ejecutar código arbitrario a través de una ruta UNC en un binario manhipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the 'factory' object's loadExtensionFactory method. By supplying a UNC path to a controlled binary, a remote attacker can execute arbitrary code under the context of the process. • http://www.zerodayinitiative.com/advisories/ZDI-15-043 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 94%CPEs: 5EXPL: 0CVE-2014-5504 – SolarWinds Log and Event Manager Static Credential Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-5504
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL. SolarWinds Log And Event Manager anterior a 6.0 utiliza credenciales 'estáticas', lo que facilita a atacantes remotos obtener acceso a la base de datos y ejecutar código arbitrario a través de vectores no especificados, relacionado con HyperSQL. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Log and Event Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the usage of HyperSQL. The issue lies in the usage of static credentials to access the database. • http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.htm http://www.zerodayinitiative.com/advisories/ZDI-14-303 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 59%CPEs: 3EXPL: 0CVE-2014-3459 – SolarWinds Network Configuration Manager PEstrarg1 Heap Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-3459
Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. Desbordamiento de buffer basado en memoria dinámica en SolarWinds Network Configuration Manager (NCM) anterior a 7.3 permite a atacantes remotos ejecutar código arbitrario a través de la propiedad PEstrarg1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Network Configuration Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PEstrarg1 property. The issue lies in a failure to validate the size of the input buffer before copying it into a fixed-size buffer on the heap. • http://zerodayinitiative.com/advisories/ZDI-14-133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •