Filtered by vendor Solarwinds Subscriptions
Total 274 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-1675 1 Solarwinds 1 Serv-u File Server 2024-11-21 N/A
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
CVE-2004-0330 1 Solarwinds 1 Serv-u File Server 2024-11-21 N/A
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
CVE-2002-2393 1 Solarwinds 1 Serv-u File Server 2024-11-21 N/A
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.
CVE-2002-1542 1 Solarwinds 1 Tftp Server 2024-11-21 N/A
SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow.
CVE-2002-1209 1 Solarwinds 1 Tftp Server 2024-11-21 N/A
Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.
CVE-2001-1463 1 Solarwinds 1 Serv-u File Server 2024-11-21 N/A
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
CVE-2001-0054 1 Solarwinds 1 Serv-u File Server 2024-11-21 N/A
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
CVE-2024-45715 1 Solarwinds 1 Solarwinds Platform 2024-10-30 7.1 High
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.
CVE-2024-45714 1 Solarwinds 1 Serv-u 2024-10-30 4.8 Medium
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
CVE-2024-45710 1 Solarwinds 1 Solarwinds Platform 2024-10-17 7.8 High
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.
CVE-2024-45711 1 Solarwinds 1 Serv-u 2024-10-17 7.5 High
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability
CVE-2024-28991 1 Solarwinds 1 Access Rights Manager 2024-09-17 9 Critical
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.
CVE-2024-28990 1 Solarwinds 1 Access Rights Manager 2024-09-16 6.3 Medium
SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
CVE-2024-28986 1 Solarwinds 2 Web Help Desk, Webhelpdesk 2024-08-16 9.8 Critical
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.   However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.