
CVE-2020-14005 – SolarWinds Network Performance Monitor ExecuteVBScript Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-14005
24 Jun 2020 — Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. Solarwinds Orion (con Web Console WPM versión 2019.4.1 y Orion Platform HF4 o NPM HF2 versión 2019.4), permite a atacantes remotos ejecutar código arbitrario por medio de un evento definido This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is requ... • https://gist.github.com/alert3/c9dcce5474e55f408c93c086c30cdbb7 •

CVE-2020-14006
https://notcve.org/view.php?id=CVE-2020-14006
24 Jun 2020 — Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. Solarwinds Orion (con Web Console WPM versión 2019.4.1 y Orion Platform HF4 o NPM HF2 versión 2019.4), permite un ataque de tipo XSS por medio de un Equipo Responsable • https://gist.github.com/alert3/f8d33412ab0c671d3cac6a50b132a894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-14007
https://notcve.org/view.php?id=CVE-2020-14007
24 Jun 2020 — Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. Solarwinds Orion (con Web Console WPM versión 2019.4.1 y Orion Platform HF4 o NPM HF2 versión 2019.4), permite un ataque de tipo XSS por medio del nombre de una definición de alerta • https://gist.github.com/alert3/f8d33412ab0c671d3cac6a50b132a894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-9566 – SolarWinds Orion Service - SQL Injection
https://notcve.org/view.php?id=CVE-2014-9566
03 Mar 2015 — Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, ... • https://packetstorm.news/files/id/180603 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2012-4939 – SolarWinds Orion IP Address Manager (IPAM) - 'search.aspx' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4939
31 Oct 2012 — Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la IPAMSummaryView.aspx en el interfaz web IPAM anterior a v3.0-HotFix1 en SolarWinds Orion Network Performance Monitor puede permitir a un atacante remoto inyect... • https://www.exploit-db.com/exploits/37995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •