216 matches found
CVE-2019-12864
SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us=false query parameter...
EUVD-2021-21856
Malware in sbrugna...
EUVD-2021-21855
Malware in sbrugna...
EUVD-2019-4442
Malware in sbrugna...
EUVD-2019-18918
Malware in sbrugna...
EUVD-2019-4443
Malware in sbrugna...
EUVD-2021-21868
Malware in sbrugna...
EUVD-2019-7586
Malware in sbrugna...
EUVD-2021-21881
Malware in sbrugna...
EUVD-2019-7585
Malware in sbrugna...
CVE-2021-28674
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node outside of the attacker's perimeter via an account with write permissions. This occurs because node IDs are predictable with incrementing numbers and the access control on...
CVE-2020-35856
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page...
CVE-2021-35212
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user...
SolarWinds Orion Platform AppendUpdate SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the AppendUpdate method. The issue results from the lack of proper validation of a...
PT-2024-1656 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: A SQL Injection Remote Code Execution issue was discovered in the SolarWinds Platform, specifically using an update statement. This issue requires user authentication to b...
The vulnerability of the BlacklistedFilesChecker software module in SolarWinds Orion Platform allows a hacker to execute arbitrary code.
The vulnerability of the BlacklistedFilesChecker software for network monitoring on the SolarWinds Orion Platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code within the SYSTEM conte...
PT-2023-27241 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: A SQL Injection Remote Code vulnerability was found in the SolarWinds Platform, which can be exploited with a low-privileged account. Recommendations: At the moment, there...
The vulnerability of the SolarWinds Orion Platform’s network monitoring software lies in its deserialization mechanism flaws, which allows a hacker to execute arbitrary commands from the web console.
The vulnerability of the SolarWinds Orion Platform’s network monitoring software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands from the web console...
SolarWinds Orion Platform BlacklistedFilesChecker Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BlacklistedFilesChecker class. The issue results from an incomplete list of...
PT-2023-7405 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: The issue is related to an incomplete list of disallowed inputs in the BlacklistedFilesChecker class of the SolarWinds Orion Platform, which can lead to remote code...