38 matches found
EUVD-2015-7737
Malware in sbrugna...
EUVD-2017-16651
Malware in sbrugna...
CVE-2017-7646
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within...
CVE-2015-7839
SolarWinds Log and Event Manager LEM allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality...
SolarWinds Log and Event Manager < 6.3.1 Hotfix 4 Insecure HTTP Update Download MitM Code Execution
According to its self-reported version number, the SolarWinds Log and Event Manager installed on the remote host is prior to version 6.3.1 Hotfix 4. It is, therefore, affected by a vulnerability in the software update process. Software updates are packaged and delivered insecurely, leading to roo...
SolarWinds Log and Event Manager < 6.3.1 Hotfix 3 Jailbreak and Privilege Escalation
According to its self-reported version number, the SolarWinds Log and Event Manager installed on the remote host is prior to version 6.3.1 Hotfix 3. It is, therefore, affected by multiple vulnerabilities : - Due to the program setting insecure permissions for management scripts, a remote attacker...
SolarWinds Log and Event Manager (LEM) < 6.3.1 Hotfix 5 Hardcoded Credentials Vulnerability
SolarWinds Log and Event Manager LEM is prone to a hardcoded credentials vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SolarWinds Log & Event Manager Security Bypass Vulnerability
SolarWinds Log and Event Manager LEM is a log and event manager from SolarWinds, Inc. that provides real-time log analysis, memory event correlation, and threat attack response. A security vulnerability exists in SolarWinds LEM versions prior to 6.3.1 Hotfix 4. An attacker could exploit the...
SolarWinds Log and Event Manager Information Disclosure Vulnerability
SolarWinds Log and Event Manager is a log and event manager that provides real-time log analysis, memory event correlation, and threat attack response. An information disclosure vulnerability exists in SolarWinds Log and Event Manager 6.3.1, which can be exploited by a local attacker to log in to...
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read Vulnerability
The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file...
Solarwinds LEM 6.3.1 Shell Escape Command Injection Vulnerability
Exploit for linux platform in category remote exploits Solarwinds LEM Management Shell Escape via Command Injection Title: Solarwinds LEM Management Shell Escape via Command Injection Advisory ID: KL-001-2017-007 Publication Date: 2017.04.24 Publication URL:...
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation Vulnerability
An attacker can abuse functionality provided by a script which may be run with root privilege in order to elevate privilege on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1. Solarwinds LEM Privilege Escalation via Sudo Script Abuse Title: Solarwinds LEM Privilege Escalation via...
Solarwinds LEM Privilege Escalation via Sudo Script Abuse
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-269: Improper Privilege Management Impact: Privileged Access Attack vector: SSH 2. Vulnerability Description An...
Solarwinds LEM Privilege Escalation via Controlled Sudo Path
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-281: Improper Preservation of Permissions, CWE-708: Incorrect Ownership Assignment Impact: Privileged Access...
SolarWinds Log and Event Manager < 6.3.1 Hotfix 4 Multiple Vulnerabilities
SolarWinds Log and Event Manager LEM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2017-7647
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands...
SolarWinds Log and Event Manager Remote Code Execution Vulnerability
SolarWinds Log and Event Manager LEM, a.k.a. SIEM is a log and event manager from the U.S.-based SolarWinds that provides real-time log analysis, memory event correlation, and threat attack response. A remote code execution vulnerability exists in SolarWinds Log and Event Manager. A remote...
SolarWinds Log and Event Manager (LEM) < 6.3.1 Hotfix 3 SSH Jailbreak and Privilege Escalation Vulnerabilities
SolarWinds Log and Event Manager LEM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SolarWinds Log and Event Manager cmc Default Credentials (SSH)
The remote SolarWinds Log and Event Manager is using known default credentials. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SolarWinds Log and Event Manager Command Injection Vulnerability
SolarWinds Log and Event Manager is prone to a command-injection vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...