Vulnerabilities > Solarwinds
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-08-12 | CVE-2012-2602 | Cross-Site Request Forgery (CSRF) vulnerability in SolarWinds Orion Network Performance Monitor | Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx. | 6.8 |
2012-08-12 | CVE-2012-2577 | Cross-Site Scripting vulnerability in SolarWinds Orion Network Performance Monitor | Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file. | 4.3 |
2011-12-14 | CVE-2011-4800 | Path Traversal vulnerability in SolarWinds Serv-U File Server | Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands. | 9.0 |
2011-08-24 | CVE-2010-4828 | Cross-Site Scripting vulnerability in SolarWinds Orion Network Performance Monitor 10.1 | Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx. | 4.3 |
2010-06-16 | CVE-2010-2310 | Improper Input Validation vulnerability in SolarWinds TFTP Server 10.4.0.13 | SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request. | 5.0 |
2010-05-28 | CVE-2010-2115 | Improper Input Validation vulnerability in SolarWinds TFTP Server 10.4.0.10 | SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request. | 5.0 |
2010-04-27 | CVE-2009-4815 | Path Traversal vulnerability in SolarWinds Serv-U File Server | Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |
2009-11-20 | CVE-2009-4006 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in SolarWinds Serv-U File Server | Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string. | 10.0 |
2009-10-09 | CVE-2009-3655 | Denial-Of-Service vulnerability in Serv-U | Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command. | 5.0 |
2009-09-09 | CVE-2009-3115 | Improper Input Validation vulnerability in SolarWinds TFTP Server | SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request. | 5.0 |