205 matches found
CVE-2019-12864
SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us=false query parameter...
EUVD-2019-4443
Malware in sbrugna...
EUVD-2021-21856
Malware in sbrugna...
EUVD-2021-21881
Malware in sbrugna...
EUVD-2021-21855
Malware in sbrugna...
EUVD-2019-4442
Malware in sbrugna...
EUVD-2021-21868
Malware in sbrugna...
EUVD-2019-18918
Malware in sbrugna...
EUVD-2019-7585
Malware in sbrugna...
EUVD-2019-7586
Malware in sbrugna...
CVE-2021-28674
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node outside of the attacker's perimeter via an account with write permissions. This occurs because node IDs are predictable with incrementing numbers and the access control on...
CVE-2020-35856
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page...
CVE-2021-35212
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user...
SolarWinds Orion Platform AppendUpdate SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the AppendUpdate method. The issue results from the lack of proper validation of a...
PT-2024-1656 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: A SQL Injection Remote Code Execution issue was discovered in the SolarWinds Platform, specifically using an update statement. This issue requires user authentication to b...
PT-2023-27241 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: A SQL Injection Remote Code vulnerability was found in the SolarWinds Platform, which can be exploited with a low-privileged account. Recommendations: At the moment, there...
SolarWinds Orion Platform BlacklistedFilesChecker Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BlacklistedFilesChecker class. The issue results from an incomplete list of...
PT-2023-7405 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: The issue is related to an incomplete list of disallowed inputs in the BlacklistedFilesChecker class of the SolarWinds Orion Platform, which can lead to remote code...
SolarWinds Orion Platform UpdateAction Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateAction method. The issue results from an exposed dangerous method. An...
PT-2023-7124 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: The issue is related to an incorrect comparison vulnerability in the UpdateAction method of the SolarWinds Orion Platform. This vulnerability can be exploited by a remote...