Filtered by vendor Solarwinds
Subscribe
Total
314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1463 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | 7.5 HIGH | N/A |
|
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
|
|||||
| CVE-2005-3467 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities.
|
|||||
| CVE-2002-1209 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.
|
|||||
| CVE-2002-2393 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.
|
|||||
| CVE-2004-1852 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.
|
|||||
| CVE-2001-0054 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
|
|||||
| CVE-2004-1992 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.
|
|||||
| CVE-2004-1675 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
|
|||||
| CVE-2004-2111 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | 8.5 HIGH | N/A |
|
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.
|
|||||
| CVE-2002-1542 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow.
|
|||||
| CVE-2006-1951 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering.
|
|||||
| CVE-2004-0330 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
|
|||||
| CVE-2004-2533 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.
|
|||||
| CVE-2024-28989 | 1 Solarwinds | 1 Web Help Desk | 2025-02-25 | N/A | 5.5 MEDIUM |
|
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
|
|||||
| CVE-2024-52606 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-25 | N/A | 3.5 LOW |
|
SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.
|
|||||
| CVE-2024-52611 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-25 | N/A | 3.5 LOW |
|
The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.
|
|||||
| CVE-2024-52612 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-25 | N/A | 6.8 MEDIUM |
|
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable.
|
|||||
| CVE-2024-45709 | 1 Solarwinds | 1 Web Help Desk | 2025-02-25 | N/A | 5.3 MEDIUM |
|
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.
|
|||||
| CVE-2024-45713 | 1 Solarwinds | 1 Kiwi Cattools | 2025-02-25 | N/A | 5.1 MEDIUM |
|
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes.
|
|||||
| CVE-2024-28072 | 1 Solarwinds | 1 Serv-u | 2025-02-25 | N/A | 5.7 MEDIUM |
|
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
|
|||||
| CVE-2024-29000 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | N/A | 7.9 HIGH |
|
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
|
|||||
| CVE-2024-28075 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-10 | N/A | 9.0 CRITICAL |
|
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
|
|||||
| CVE-2024-23473 | 1 Solarwinds | 1 Access Rights Manager | 2025-02-10 | N/A | 8.6 HIGH |
|
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management console.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
|
|||||
| CVE-2024-29003 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | N/A | 7.5 HIGH |
|
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.
|
|||||
| CVE-2024-29001 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | N/A | 7.5 HIGH |
|
A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited.
|
|||||
| CVE-2024-28076 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-10 | N/A | 7.0 HIGH |
|
The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format
|
|||||
| CVE-2024-28073 | 1 Solarwinds | 1 Serv-u | 2025-02-10 | N/A | 8.4 HIGH |
|
SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.
|
|||||
| CVE-2024-45717 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-06 | N/A | 7.0 HIGH |
|
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.
|
|||||
| CVE-2023-23838 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2025-02-04 | N/A | 6.5 MEDIUM |
|
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
|
|||||
| CVE-2023-23837 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2025-02-04 | N/A | 7.5 HIGH |
|
No exception handling vulnerability which revealed sensitive or excessive information to users.
|
|||||
| CVE-2024-0692 | 1 Solarwinds | 1 Security Event Manager | 2025-01-21 | N/A | 8.8 HIGH |
|
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
|
|||||
| CVE-2024-29004 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 7.1 HIGH |
|
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
|
|||||
| CVE-2024-28999 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.
|
|||||
| CVE-2024-28996 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 7.5 HIGH |
|
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.
|
|||||
| CVE-2024-28993 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 7.6 HIGH |
|
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
|
|||||
| CVE-2024-28992 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 7.6 HIGH |
|
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
|
|||||
| CVE-2024-28074 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 9.6 CRITICAL |
|
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability.
|
|||||
| CVE-2024-23479 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 9.6 CRITICAL |
|
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
|
|||||
| CVE-2024-23478 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 8.0 HIGH |
|
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.
|
|||||
| CVE-2024-23477 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 7.9 HIGH |
|
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
|
|||||