Day: November 24, 2022
ZDI-22-1664: SolarWinds Network Performance Monitor DeserializeFromStrippedXml Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability.
ZDI-22-1663: SolarWinds Network Performance Monitor GetPdf Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability.
ZDI-22-1662: SolarWinds Network Performance Monitor WebUserSettingsCrudHandler Improper Input Validation Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability.
ZDI-22-1661: Foxit PDF Reader U3D File Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2022-40300: SQL Injection in ManageEngine Privileged Access Management
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched SQL injection vulnerability in Zoho ManageEngine products. The bug is due to improper validation of resource types in the AutoLogonHelperUtil class. Successful exploitation of this vulnerability could lead …
CVE-2022-40300: SQL Injection in ManageEngine Privileged Access ManagementRead More
