3023 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in SolarWinds Orion Network Performance Monitor NPM before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that 1 create user accounts via CreateUserStepContainer actions to...
CVE-2012-2602
Multiple cross-site request forgery CSRF vulnerabilities in SolarWinds Orion Network Performance Monitor NPM before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that 1 create user accounts via CreateUserStepContainer actions to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in SolarWinds Orion Network Performance Monitor NPM before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 syslocation, 2 syscontact, or 3 sysName field of an snmpd.conf file...
CVE-2012-2577
Multiple cross-site scripting XSS vulnerabilities in SolarWinds Orion Network Performance Monitor NPM before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 syslocation, 2 syscontact, or 3 sysName field of an snmpd.conf file...
CVE-2012-2602
Multiple cross-site request forgery CSRF vulnerabilities in SolarWinds Orion Network Performance Monitor NPM before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that 1 create user accounts via CreateUserStepContainer actions to...
CVE-2012-2602
CVE-2012-2602 affects SolarWinds Orion Network Performance Monitor (NPM) prior to 10.3.1, enabling CSRF attacks that can hijack administrator sessions to: (1) create new user accounts via CreateUserStepContainer on Admin/Accounts/Add/OrionAccount.aspx and (2) modify account privileges via a ynAdm...
CVE-2012-2577
SolarWinds Orion NPM versions prior to 10.3.1 are affected by CVE-2012-2577 due to multiple XSS vulnerabilities that allow injection via the syslocation, syscontact, or sysName fields in snmpd.conf. Connected sources (NVD and Nessus NASL) corroborate that SolarWinds Orion NPM
Solarwinds Network Performance Monitor 10.2.2 contains multiple vulnerabilities
Overview Solarwinds Network Performance Monitor 10.2.2 and possibly earlier versions contain a cross-site scripting XSS, and cross-site request forgery CSRF vulnerability. Description Solarwinds Network Performance Monitor 10.2.2 can be attacked by modifying the snmpd.conf file with malicious...
SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities
SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities / Exploit Title: SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities Date: Jul 21 2012 Author: muts Version: SolarWinds Orion Network Performance Monitor 10.2.2 Vendor URL:...
SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities
/ Exploit Title: SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities Date: Jul 21 2012 Author: muts Version: SolarWinds Orion Network Performance Monitor 10.2.2 Vendor URL: http://www.solarwinds.com/ Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012:...
SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities
Exploit for windows platform in category web applications / Exploit Title: SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities Date: Jul 21 2012 Author: muts Version: SolarWinds Orion Network Performance Monitor 10.2.2 Vendor URL: http://www.solarwinds.com/ Timeline: 29 M...
SolarWinds Storage Manager SQL Injection
Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...
SolarWinds Storage Manager SQL Injection
Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...
SolarWinds Storage Manager SQL Injection
Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...
SolarWinds Storage Manager SQL Injection
Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...
SolarWinds Storage Manager Server LoginServlet loginName Parameter SQL Injection
The version of SolarWinds Storage Manager running on the remote host has a SQL injection vulnerability in the 'loginName' parameter of the 'LoginServlet' page. An attacker can leverage this flaw to bypass authentication, execute arbitrary SQL commands on the underlying database, and possibly...
SolarWinds Storage Manager Detection
SolarWinds Storage Manager was detected on the remote host. SolarWinds Storage Manager is a web-based storage management application. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid59115; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/22";...
Solarwinds Storage Manager 5.1.0 SQL Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Solarwinds Storag...
Solarwinds Storage Manager 5.1.0 SQL Injection
This module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM. This module requires Metasploi...
Solarwinds Storage Manager 5.1.0 SQL Injection
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...