Lucene search
K

15 matches found

Check Point Advisories
Check Point Advisories
added 2019/11/20 12:0 a.m.5 views

SolarWinds Orion NPM OrionModuleEngine Remote Code Execution (CVE-2019-8917)

A remote code execution vulnerability exists in SolarWinds Orion NPM. This vulnerability is due to missing access controls in the InvokeActionMethod method. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.1AI score0.36448EPSS
Exploits0
Prion
Prion
added 2019/02/18 7:29 p.m.12 views

Remote code execution

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method ma...

10CVSS9.7AI score0.36448EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/02/18 7:0 p.m.16 views

CVE-2019-8917

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method ma...

9.9AI score0.36448EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/05/12 12:0 a.m.25 views

SolarWinds Orion NPM < 10.7 Multiple Vulnerabilities

The remote web server hosts a version of SolarWinds Orion NPM prior to version 10.7. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the 'wpdlx' ActiveX control where the application fails to validate file types when loading or saving images. This can allow a...

6.8CVSS6.6AI score0.11564EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2012/11/12 12:0 a.m.55 views

SolarWinds Orion NPM < 9.5 Login.asp SQLi

The remote web server hosts a version of SolarWinds Orion NPM that has a deprecated 'Login.asp' script that is accessible and contains a blind SQL injection vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/09/17 12:0 a.m.19 views

SolarWinds Orion NPM < 10.3.1 Multiple Vulnerabilities

The remote web server hosts a version of SolarWinds Orion NPM prior to 10.3.1. It is, therefore, affected by the following vulnerabilities : - Multiple cross-site scripting vulnerabilities exist that allow arbitrary web scripts to be injected via the 'syslocation', 'syscontact', or 'sysName' fiel...

6.8CVSS5.8AI score0.1021EPSS
Exploits2References3
Cvelist
Cvelist
added 2012/08/12 4:0 p.m.22 views

CVE-2012-2602

Multiple cross-site request forgery CSRF vulnerabilities in SolarWinds Orion Network Performance Monitor NPM before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that 1 create user accounts via CreateUserStepContainer actions to...

7.2AI score0.05979EPSS
Exploits1References6
Cvelist
Cvelist
added 2012/08/12 4:0 p.m.24 views

CVE-2012-2577

Multiple cross-site scripting XSS vulnerabilities in SolarWinds Orion Network Performance Monitor NPM before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 syslocation, 2 syscontact, or 3 sysName field of an snmpd.conf file...

5.7AI score0.1021EPSS
Exploits1References5
CVE
CVE
added 2012/08/12 4:0 p.m.47 views

CVE-2012-2602

CVE-2012-2602 affects SolarWinds Orion Network Performance Monitor (NPM) prior to 10.3.1, enabling CSRF attacks that can hijack administrator sessions to: (1) create new user accounts via CreateUserStepContainer on Admin/Accounts/Add/OrionAccount.aspx and (2) modify account privileges via a ynAdm...

6.8CVSS7.4AI score0.05979EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2011/08/24 10:55 a.m.14 views

CVE-2010-4828

Multiple cross-site scripting XSS vulnerabilities in SolarWinds Orion Network Performance Monitor NPM 10.1 allow remote attackers to inject arbitrary web script or HTML via the 1 Title parameter to MapView.aspx; NetObject parameter to 2 NodeDetails.aspx and 3 InterfaceDetails.aspx; and the 4...

4.3CVSS5.8AI score0.05073EPSS
Exploits1References5
securityvulns
securityvulns
added 2010/12/12 12:0 a.m.71 views

Multiple XSS in Solarwinds Orion NPM 10.1

Values placed in the URI of the browser are rendered correctly. Orion NPM 10.1 has just been released, so there is no known fix available as of yet. Examples: Most "variable=" that I've checked are vulnerable:...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2010/12/09 12:0 a.m.15 views

SolarWinds Orion Network Performance Monitor (NPM) Multiple Cross Site Scripting Vulnerabilities

SolarWinds Orion NPM is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user- supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may le...

4.3CVSS7.1AI score0.05073EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2010/12/08 12:0 a.m.41 views

Solarwinds Orion NPM 10.1 Cross Site Scripting

Values placed in the URI of the browser are rendered correctly. Orion NPM 10.1 has just been released, so there is no known fix available as of yet. Examples: Most "variable=" that I've checked are vulnerable:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/12/07 12:0 a.m.32 views

SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/45257/info SolarWinds Orion NPM is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/12/07 12:0 a.m.15 views

SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities

SolarWinds Orion Network Performance Monitor NPM 10.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/45257/info SolarWinds Orion NPM is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...

7AI score
Exploits0
Rows per page
Query Builder