Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-15541
SolarWinds Serv-U FTP server prior to 15.2.1 allows remote command execution.
Solarwinds Serv-u Ftp Server
9.8
CVSSv3
CVE-2020-15542
SolarWinds Serv-U FTP server prior to 15.2.1 mishandles the CHMOD command.
Solarwinds Serv-u Ftp Server
9.8
CVSSv3
CVE-2020-15543
SolarWinds Serv-U FTP server prior to 15.2.1 does not validate an argument path.
Solarwinds Serv-u Ftp Server
9.8
CVSSv3
CVE-2019-3980
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary...
Solarwinds Dameware Mini Remote Control 12.1.0.89
2 Github repositories
9.8
CVSSv3
CVE-2019-9546
SolarWinds Orion Platform prior to 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
Solarwinds Orion Platform 2018.4
Solarwinds Orion Platform
9.8
CVSSv3
CVE-2019-8917
SolarWinds Orion NPM prior to 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeAct...
Solarwinds Orion Network Performance Monitor
9.8
CVSSv3
CVE-2018-16791
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an malicious user to determine passwords for potentially privileged accounts. This also grants the attacker an abilit...
Solarwinds Sftp\\/scp Server
9.8
CVSSv3
CVE-2012-2576
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager prior to 5.1.2, SolarWinds Storage Profiler prior to 5.1.2, and SolarWinds Backup Profiler prior to 5.1.2 allows remote malicious users to execute arbitrary SQL commands via the loginName field.
Solarwinds Storage Profiler
Solarwinds Backup Profiler
Solarwinds Storage Manager
1 EDB exploit
9.8
CVSSv3
CVE-2016-3642
The RMI service in SolarWinds Virtualization Manager 6.3.1 and previous versions allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Solarwinds Virtualization Manager
9.8
CVSSv3
CVE-2016-4350
Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) prior to 6.2.3 allow remote malicious users to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the S...
Solarwinds Storage Resource Monitor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »