27 matches found
CVE-2021-31475
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF...
EUVD-2021-14042
Malware in sbrugna...
EUVD-2018-20399
Malware in sbrugna...
EUVD-2019-0429
Malware in sbrugna...
CVE-2021-27240
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF...
CVE-2021-31475
CVE-2021-31475 affects SolarWinds Orion Job Scheduler 2020.2.1 HF 2. The flaw resides in the JobRouterService WCF configuration, which allows unprivileged users to access a critical resource, enabling remote code execution in the administrator context. Authentication is required to exploit, with ...
CVE-2021-27277
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...
SolarWinds Orion Virtual Infrastructure Monitor OneTimeJobSchedulerEventsService Deserialization of Untrusted Data Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...
Deserialization of untrusted data
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...
SolarWinds Patch Manager DataGridService Deserialization of Untrusted Data Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
GHSA-QPVX-GPQM-G98J Critical severity vulnerability that affects Auth0-WCF-Service-JWT
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
CVE-2019-7644
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
CVE-2019-7644
The CVE-2019-7644 entry concerns Auth0-WCF-Service-JWT prior to 1.0.4, where the service leaks the expected JWT signature in an error message when signature validation fails. This enables an attacker to forge arbitrary JWT tokens that the vulnerable application will accept, effectively bypassing ...
Code injection
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM...
CVE-2018-8790
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM...
CVE-2018-8790
CVE-2018-8790 affects Check Point ZoneAlarm 15.3.064.17729 and earlier, where a WCF service is exposed that enables a local, low-privileged user to execute arbitrary code with SYSTEM privileges. The description in the CVE confirms the vulnerability vector and impact as SYSTEM remote code executio...