Vulnerabilities > Solarwinds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-24 | CVE-2017-5199 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds LOG and Event Manager The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | 6.5 |
| 2017-03-20 | CVE-2017-6803 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds FTP Voyager 16.2.0 Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. | 6.8 |
| 2015-07-21 | CVE-2015-5610 | Information Exposure vulnerability in Solarwinds N-Able N-Central The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation. | 4.0 |
| 2015-02-16 | CVE-2015-1501 | Code Injection vulnerability in Solarwinds Server and Application Monitor The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary. | 6.8 |
| 2015-02-16 | CVE-2015-1500 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Solarwinds Server and Application Monitor Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load. | 6.8 |
| 2014-08-07 | CVE-2014-3459 | Buffer Errors vulnerability in Solarwinds Network Configuration Manager 7.2.0/7.2.1/7.2.2 Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. | 6.8 |
| 2012-10-31 | CVE-2012-4939 | Cross-Site Scripting vulnerability in Solarwinds products Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field. | 4.3 |
| 2012-08-12 | CVE-2012-2602 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Orion Network Performance Monitor Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx. | 6.8 |
| 2012-08-12 | CVE-2012-2577 | Cross-Site Scripting vulnerability in Solarwinds Orion Network Performance Monitor Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file. | 4.3 |
| 2011-08-24 | CVE-2010-4828 | Cross-Site Scripting vulnerability in Solarwinds Orion Network Performance Monitor 10.1 Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx. | 4.3 |