27 matches found
EUVD-2015-7737
Malware in sbrugna...
CVE-2017-7647
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands...
CVE-2015-7839
SolarWinds Log and Event Manager LEM allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality...
The vulnerability of the restrictssh function in the SolarWinds Log & Event Manager software allows a malicious actor to execute commands with root privileges.
The vulnerability of the restrictssh function in the SolarWinds Log & Event Manager software management tool is related to the lack of measures taken to protect data at the administrative level. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions, gain higher...
SolarWinds Log and Event Manager < 6.3.1 Hotfix 4 Insecure HTTP Update Download MitM Code Execution
According to its self-reported version number, the SolarWinds Log and Event Manager installed on the remote host is prior to version 6.3.1 Hotfix 4. It is, therefore, affected by a vulnerability in the software update process. Software updates are packaged and delivered insecurely, leading to roo...
SolarWinds Log and Event Manager < 6.3.1 Hotfix 3 Jailbreak and Privilege Escalation
According to its self-reported version number, the SolarWinds Log and Event Manager installed on the remote host is prior to version 6.3.1 Hotfix 3. It is, therefore, affected by multiple vulnerabilities : - Due to the program setting insecure permissions for management scripts, a remote attacker...
SolarWinds Log and Event Manager Elevation of Privilege Vulnerability
SolarWinds Log and Event Manager is a log and event manager that provides real-time log analysis, memory event correlation, and threat attack response. A privilege acquisition vulnerability exists in SolarWinds Log and Event Manager version 6.3.1. This vulnerability can be exploited by a local...
SolarWinds Log and Event Manager Command Execution Vulnerability (CNVD-2017-06863)
SolarWinds Log and Event Manager is a log and event manager that provides real-time log analysis, memory event correlation, and threat attack response. A command execution vulnerability exists in SolarWinds Log and Event Manager 6.3.1, which can be exploited to execute arbitrary commands by loggi...
SolarWinds Log and Event Manager Postgres Database Security Bypass Vulnerability
SolarWinds Log and Event Manager is a log and event manager that provides real-time log analysis, memory event correlation, and threat attack response. A security bypass vulnerability exists in the Postgres database of SolarWinds Log and Event Manager 6.3.1, which stems from the database having a...
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read Vulnerability
The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file...
CVE-2017-7722
In SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" the default username and password. By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the...
CVE-2017-7722
In SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" the default username and password. By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the...
SolarWinds Log and Event Manager Command Execution Vulnerability
SolarWinds Log and Event Manager LEM is a log and event manager from SolarWinds, Inc. that provides real-time log analysis, memory event correlation, and threat attack response. A security vulnerability exists in SolarWinds LEM versions prior to 6.3.1 Hotfix 4. An attacker can exploit the...
SolarWinds Log and Event Manager Arbitrary File Read Vulnerability
SolarWinds Log and Event Manager LEM is a log and event manager from SolarWinds, Inc. that provides real-time log analysis, memory event correlation, and threat attack response. A security vulnerability exists in SolarWinds LEM versions prior to 6.3.1 Hotfix 4. An attacker can exploit the...
CVE-2017-7646
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within...
CVE-2017-7646
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within...
CVE-2017-7646
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within...
SolarWinds Log and Event Manager Local Elevation of Privilege Vulnerability
SolarWinds Log and Event Manager LEM, a.k.a. SIEM is a log and event manager from the U.S.-based SolarWinds that provides real-time log analysis, memory event correlation, and threat attack response. A local elevation of privilege vulnerability exists in SolarWinds Log and Event Manager versions...
SolarWinds Log and Event Manager XML External Entity Injection Vulnerability
SolarWinds Log and Event Manager LEM is vulnerable to an Extensible Markup Language XML external entity injection SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
SolarWinds Log and Event Manager XML External Entity Injection Vulnerability
SolarWinds Log and Event Manager is a log and event manager that provides real-time log analysis, memory event correlation, and threat attack response. An XML external entity injection vulnerability exists in SolarWinds Log and Event Manager, which could be exploited by an attacker to obtain...