 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2016-4350 |
| Description: | Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.809427 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-4350 http://www.zerodayinitiative.com/advisories/ZDI-16-249 http://www.zerodayinitiative.com/advisories/ZDI-16-250 http://www.zerodayinitiative.com/advisories/ZDI-16-251 http://www.zerodayinitiative.com/advisories/ZDI-16-252 http://www.zerodayinitiative.com/advisories/ZDI-16-253 http://www.zerodayinitiative.com/advisories/ZDI-16-254 http://www.zerodayinitiative.com/advisories/ZDI-16-255 http://www.zerodayinitiative.com/advisories/ZDI-16-256 http://www.zerodayinitiative.com/advisories/ZDI-16-257 http://www.zerodayinitiative.com/advisories/ZDI-16-258 http://www.zerodayinitiative.com/advisories/ZDI-16-259 http://www.zerodayinitiative.com/advisories/ZDI-16-260 http://www.zerodayinitiative.com/advisories/ZDI-16-261 http://www.zerodayinitiative.com/advisories/ZDI-16-262 http://www.zerodayinitiative.com/advisories/ZDI-16-263 http://www.zerodayinitiative.com/advisories/ZDI-16-264 http://www.zerodayinitiative.com/advisories/ZDI-16-265 http://www.zerodayinitiative.com/advisories/ZDI-16-266 http://www.zerodayinitiative.com/advisories/ZDI-16-267 http://www.zerodayinitiative.com/advisories/ZDI-16-268 http://www.zerodayinitiative.com/advisories/ZDI-16-269 http://www.zerodayinitiative.com/advisories/ZDI-16-270 http://www.zerodayinitiative.com/advisories/ZDI-16-271 http://www.zerodayinitiative.com/advisories/ZDI-16-272 |