SHEIN: RCE via npm misconfig -- installing internal libraries from the public registry

The following node package has been installed on at least one shein owned build/development server directly from the public npm registry. https://www.npmjs.com/package/shineout-mobile This package should normally be downloaded from the internal shein registry, but a misconfiguration appears to ha...

SolarWinds Orion Platform Cross-Site Scripting Vulnerability

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. A...

SolarWind LEM Default SSH Password Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "SolarWind LEM Default SSH Password Remote Code Execution", 'Description' = %q This module exploits the default credentials of SolarWind LEM. A men...

SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit)

SolarWinds LEM 6.3.1 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "SolarWind LEM Default SSH Password Remote Code Execution", 'Description' = %q This module...