15 matches found
SolarWinds Orion NPM OrionModuleEngine Remote Code Execution (CVE-2019-8917)
A remote code execution vulnerability exists in SolarWinds Orion NPM. This vulnerability is due to missing access controls in the InvokeActionMethod method. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Remote code execution
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method ma...
CVE-2019-8917
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method ma...
SolarWinds Orion NPM < 10.7 Multiple Vulnerabilities
The remote web server hosts a version of SolarWinds Orion NPM prior to version 10.7. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the 'wpdlx' ActiveX control where the application fails to validate file types when loading or saving images. This can allow a...
SolarWinds Orion NPM < 9.5 Login.asp SQLi
The remote web server hosts a version of SolarWinds Orion NPM that has a deprecated 'Login.asp' script that is accessible and contains a blind SQL injection vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
SolarWinds Orion NPM < 10.3.1 Multiple Vulnerabilities
The remote web server hosts a version of SolarWinds Orion NPM prior to 10.3.1. It is, therefore, affected by the following vulnerabilities : - Multiple cross-site scripting vulnerabilities exist that allow arbitrary web scripts to be injected via the 'syslocation', 'syscontact', or 'sysName' fiel...
CVE-2012-2602
Multiple cross-site request forgery CSRF vulnerabilities in SolarWinds Orion Network Performance Monitor NPM before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that 1 create user accounts via CreateUserStepContainer actions to...
CVE-2012-2577
Multiple cross-site scripting XSS vulnerabilities in SolarWinds Orion Network Performance Monitor NPM before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 syslocation, 2 syscontact, or 3 sysName field of an snmpd.conf file...
CVE-2012-2602
CVE-2012-2602 affects SolarWinds Orion Network Performance Monitor (NPM) prior to 10.3.1, enabling CSRF attacks that can hijack administrator sessions to: (1) create new user accounts via CreateUserStepContainer on Admin/Accounts/Add/OrionAccount.aspx and (2) modify account privileges via a ynAdm...
CVE-2010-4828
Multiple cross-site scripting XSS vulnerabilities in SolarWinds Orion Network Performance Monitor NPM 10.1 allow remote attackers to inject arbitrary web script or HTML via the 1 Title parameter to MapView.aspx; NetObject parameter to 2 NodeDetails.aspx and 3 InterfaceDetails.aspx; and the 4...
Multiple XSS in Solarwinds Orion NPM 10.1
Values placed in the URI of the browser are rendered correctly. Orion NPM 10.1 has just been released, so there is no known fix available as of yet. Examples: Most "variable=" that I've checked are vulnerable:...
SolarWinds Orion Network Performance Monitor (NPM) Multiple Cross Site Scripting Vulnerabilities
SolarWinds Orion NPM is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user- supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may le...
Solarwinds Orion NPM 10.1 Cross Site Scripting
Values placed in the URI of the browser are rendered correctly. Orion NPM 10.1 has just been released, so there is no known fix available as of yet. Examples: Most "variable=" that I've checked are vulnerable:...
SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/45257/info SolarWinds Orion NPM is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...
SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities
SolarWinds Orion Network Performance Monitor NPM 10.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/45257/info SolarWinds Orion NPM is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...