Vulmon
solarwinds vulnerabilities and exploits
6
CVSSv2
CVE-2019-20002
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
Solarwinds Webhelpdesk 12.7.1
10
CVSSv2
CVE-2015-5371
The AuthenticationFilter class in SolarWinds Storage Manager allows remote malicious users to upload and execute arbitrary scripts via unspecified vectors.
Solarwinds Storage Manager -
10
CVSSv2
CVE-2021-25274
The Collector Service in SolarWinds Orion Platform prior to 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process....
Solarwinds Orion Platform
1 Article
NA
CVE-2022-47512
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/SolarWinds Platform 2022.4. No other versions are affected.
Solarwinds Solarwinds Platform 2022.4.0
4.3
CVSSv2
CVE-2020-5734
Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated malicious user to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange.
Solarwinds Dameware 12.1
10
CVSSv2
CVE-2015-7838
ProcessFileUpload.jsp in SolarWinds Storage Manager prior to 6.2 allows remote malicious users to upload and execute arbitrary files via unspecified vectors.
Solarwinds Storage Manager
4
CVSSv2
CVE-2018-10241
A denial of service vulnerability in SolarWinds Serv-U prior to 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.
Solarwinds Serv-u
5
CVSSv2
CVE-2018-10240
SolarWinds Serv-U MFT prior to 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by a malicious user to obtai...
Solarwinds Serv-u
NA
CVE-2022-47012
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
Solarwinds Dynamips 0.2.21
2.1
CVSSv2
CVE-2021-25275
SolarWinds Orion Platform prior to 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can ...
Solarwinds Orion Platform
1 Github repository