all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-23-1443: SolarWinds Orion Platform UpdateActionsProperties Exposed Dangerous Method Remote Code Execution Vulnerability

Add to bookmarks
Sept. 19, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability.

arbitrary code attackers authentication code code execution exploit exposed orion platform remote code remote code execution solarwinds solarwinds orion vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-23-1455: Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 1 day, 21 hours ago | www.zerodayinitiative.com
attackers disclosure exploit file +14
ZDI-23-1454: Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 21 hours ago | www.zerodayinitiative.com
arbitrary code attackers cobalt code +12
ZDI-23-1453: Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability 2 days, 21 hours ago | www.zerodayinitiative.com
arbitrary code attackers cobalt code +13
ZDI-23-1452: Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability 2 days, 21 hours ago | www.zerodayinitiative.com
arbitrary code attackers cobalt code +13
ZDI-23-1450: Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 2 days, 21 hours ago | www.zerodayinitiative.com
arbitrary code attackers cobalt code +12
ZDI-23-1451: Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 21 hours ago | www.zerodayinitiative.com
arbitrary code attackers cobalt code +12
ZDI-23-1449: (0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability 2 days, 21 hours ago | www.zerodayinitiative.com
0day amp assistant attacker +20
ZDI-23-1446: Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability 4 days, 21 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +14
ZDI-23-1447: Microsoft Exchange ExFileLog Deserialization of Untrusted Data Denial-of-Service Vulnerability 4 days, 21 hours ago | www.zerodayinitiative.com
attackers authentication data deserialization +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Business Information Security Officer

@ Metrolink | Los Angeles, CA
View on infosec-jobs.com

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City
View on infosec-jobs.com

Security Engineer

@ ChartMogul | Remote, EU
View on infosec-jobs.com

Senior Threat Engineer

@ Zscaler | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Information Security Communication Specialist

@ MicroStrategy | Mumbai, India
View on infosec-jobs.com

Principal Software Engineer (Network Security - SASE)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com
View more jobs