Solarwinds

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-2284 1Solarwinds 1Firewall Security Manager May 6, 2026 Mar 24, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.
CVE-2014-9566 1Solarwinds 8Orion Ip Address Manager Orion Netflow Traffic AnalyzerOrion Network Configuration Manager+5 more May 6, 2026 Mar 10, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic...Show more Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.Show less
CVE-2015-1501 1Solarwinds 1Server And Application Monitor May 6, 2026 Feb 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary.
CVE-2015-1500 1Solarwinds 1Server And Application Monitor May 6, 2026 Feb 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.loa...Show more Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load.Show less
CVE-2014-5504 1Solarwinds 1Log And Event Manager May 6, 2026 Sep 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
CVE-2014-3459 1Solarwinds 1Network Configuration Manager May 6, 2026 Aug 7, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.
CVE-2013-3249 1Solarwinds 1Dameware Remote Support May 6, 2026 Mar 20, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbit...Show more Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2012-4939 1Solarwinds 2Ip Address Manager Web Interface Orion Network Performance Monitor Apr 29, 2026 Oct 31, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or...Show more Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field.Show less
CVE-2012-2602 1Solarwinds 1Orion Network Performance Monitor Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) c...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.Show less
CVE-2012-2577 1Solarwinds 1Orion Network Performance Monitor Apr 29, 2026 Aug 12, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontac...Show more Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.Show less
CVE-2011-4800 1Solarwinds 1Serv U File Server Apr 29, 2026 Dec 14, 2011 N/A· v4 N/A· v3 9.0 HIGH· v2 Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward s...Show more Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.Show less
CVE-2010-4828 1Solarwinds 1Orion Network Performance Monitor Apr 29, 2026 Aug 24, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; Ne...Show more Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx.Show less
CVE-2010-2310 1Solarwinds 1Tftp Server Apr 29, 2026 Jun 16, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a denial of service (crash) via a long write request.
CVE-2010-2115 1Solarwinds 1Tftp Server Apr 29, 2026 May 28, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.
CVE-2009-4815 1Solarwinds 1Serv U File Server Apr 29, 2026 Apr 27, 2010 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2009-4006 1Solarwinds 1Serv U File Server Apr 23, 2026 Nov 20, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string...Show more Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.Show less
CVE-2009-3655 1Solarwinds 1Serv U File Server Apr 23, 2026 Oct 9, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
CVE-2009-3115 1Solarwinds 1Tftp Server Apr 23, 2026 Sep 9, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request. NOTE: some of these details are obtained from third p...Show more SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request. NOTE: some of these details are obtained from third party information.Show less
CVE-2009-1031 1Solarwinds 1Serv U File Server Apr 23, 2026 Mar 20, 2009 N/A· v4 N/A· v3 7.8 HIGH· v2 Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
CVE-2009-0967 1Solarwinds 1Serv U File Server Apr 23, 2026 Mar 19, 2009 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument.

Previous 1...12 13 141516 Next