Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-15 | CVE-2006-2357 | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. | 5.0 |
| 2006-05-15 | CVE-2006-2356 | Information Exposure vulnerability in Ipswitch Whatsup Professional 2006 NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | 5.0 |
| 2006-05-15 | CVE-2006-2355 | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. | 5.0 |
| 2006-05-15 | CVE-2006-2354 | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. | 5.0 |
| 2006-05-15 | CVE-2006-2353 | Permissions, Privileges, and Access Controls vulnerability in Ipswitch Whatsup Professional 2006/2006Premium NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. | 5.0 |
| 2006-05-15 | CVE-2006-2352 | Cross-Site Scripting vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. network ipswitch | 4.3 |
| 2006-05-15 | CVE-2006-2351 | Cross-Site Scripting vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. | 4.3 |
| 2006-05-12 | CVE-2006-2238 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. | 7.5 |
| 2006-05-12 | CVE-2006-1457 | Multiple vulnerability in Apple Mac OS X Security Update 2006-003 Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink. | 2.6 |
| 2006-05-12 | CVE-2006-1456 | Multiple vulnerability in Apple Mac OS X Security Update 2006-003 Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging. | 7.5 |