Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-19829 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. | 5.4 |
| 2019-12-16 | CVE-2019-13182 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. | 5.4 |
| 2019-12-16 | CVE-2019-13181 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. | 6.5 |
| 2019-08-14 | CVE-2018-19386 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.457 SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. | 6.1 |
| 2019-03-21 | CVE-2018-19934 | Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.6.25 SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. | 4.8 |
| 2018-05-16 | CVE-2018-10241 | NULL Pointer Dereference vulnerability in Solarwinds Serv-U A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring. | 6.5 |
| 2017-10-03 | CVE-2017-9538 | Improper Input Validation vulnerability in Solarwinds Network Performance Monitor 12.0/12.0.1/12.0.15300.90 The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. | 4.9 |
| 2017-10-03 | CVE-2017-9537 | Cross-site Scripting vulnerability in Solarwinds Network Performance Monitor 12.0.15300.90 Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. | 4.8 |
| 2017-04-10 | CVE-2017-7646 | Information Exposure vulnerability in Solarwinds LOG & Event Manager 6.3.1 SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within. | 6.5 |
| 2016-06-24 | CVE-2016-5709 | Information Exposure vulnerability in Solarwinds Virtualization Manager 6.3.1 SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. | 4.7 |