Filtered by vendor Solarwinds
Subscriptions
Total
292 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1209 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request. | ||||
| CVE-2006-1951 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering. | ||||
| CVE-2005-3467 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | N/A |
| Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities. | ||||
| CVE-2004-1675 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | N/A |
| Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX. | ||||
| CVE-2001-1463 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | N/A |
| The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. | ||||
| CVE-2002-1542 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | N/A |
| SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow. | ||||
| CVE-2004-2533 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | N/A |
| Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111. | ||||
| CVE-2022-38111 | 1 Solarwinds | 1 Orion Platform | 2025-03-19 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-47503 | 1 Solarwinds | 1 Orion Platform | 2025-03-18 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-47504 | 1 Solarwinds | 1 Orion Platform | 2025-03-18 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-47506 | 1 Solarwinds | 1 Orion Platform | 2025-03-18 | 7.8 High |
| SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | ||||
| CVE-2022-47507 | 1 Solarwinds | 1 Orion Platform | 2025-03-18 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-47508 | 1 Solarwinds | 1 Server And Application Monitor | 2025-03-18 | 7.5 High |
| Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos. | ||||
| CVE-2023-23836 | 1 Solarwinds | 1 Orion Platform | 2025-03-18 | 7.2 High |
| SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2024-45710 | 1 Solarwinds | 1 Solarwinds Platform | 2025-03-01 | 7.8 High |
| SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. | ||||
| CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2025-02-27 | 7.2 High |
| A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | ||||
| CVE-2023-23840 | 1 Solarwinds | 1 Orion Platform | 2025-02-27 | 6.8 Medium |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
| CVE-2023-23845 | 1 Solarwinds | 1 Orion Platform | 2025-02-27 | 6.8 Medium |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
| CVE-2024-28989 | 1 Solarwinds | 1 Web Help Desk | 2025-02-25 | 5.5 Medium |
| SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. | ||||
| CVE-2024-52606 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-25 | 3.5 Low |
| SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request. | ||||