CVE-2010-4828
https://notcve.org/view.php?id=CVE-2010-4828
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx.
• http://secunia.com/advisories/42486
• http://securityreason.com/securityalert/8349
• http://www.securityfocus.com/archive/1/515083/100/0/threaded
• http://www.securityfocus.com/bid/45257
• https://exchange.xforce.ibmcloud.com/vulnerabilities/63956
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2310 – SolarWinds TFTP Server 10.4.0.13 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-2310
SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request.
• https://www.exploit-db.com/exploits/13836
• http://osvdb.org/65540
• http://www.exploit-db.com/exploits/13836
• http://www.securityfocus.com/bid/40824
• https://exchange.xforce.ibmcloud.com/vulnerabilities/59419
• CWE-20: Improper Input Validation
CVE-2010-2115 – SolarWinds TFTP Server 10.4.0.10 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-2115
SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request. The SolarWinds TFTP server can be shut down by sending a netascii read request with a specially crafted file name.
• https://www.exploit-db.com/exploits/12683
• http://osvdb.org/64845
• http://secunia.com/advisories/39896
• http://www.exploit-db.com/exploits/12683
• http://www.securitytracker.com/id?1024019
• CWE-20: Improper Input Validation
CVE-2009-4815
https://notcve.org/view.php?id=CVE-2009-4815
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
• http://secunia.com/advisories/37847
• http://www.securityfocus.com/bid/37414
• http://www.serv-u.com/releasenotes
• http://www.vupen.com/english/advisories/2009/3595
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54932
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-4006 – RhinoSoft Serv-U FTP Server - Session Cookie Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-4006
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
• https://www.exploit-db.com/exploits/16775
• http://secunia.com/advisories/37228
• http://secunia.com/secunia_research/2009-46
• http://www.osvdb.org/60427
• http://www.securityfocus.com/archive/1/507955/100/0/threaded
• http://www.securityfocus.com/bid/37051
• http://www.securitytracker.com/id?1023199
• http://www.serv-u.com/releasenotes
• http://www.vupen.com/english/advisories/2009/3277
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54322
• https://oval.cisecurity.org/repository/sea
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer