Vulnerabilities > Ipswitch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-04-21 | CVE-2009-4775 | USE of Externally-Controlled Format String vulnerability in Ipswitch WS FTP 12.0/12.0.1 Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. | 4.3 |
| 2009-01-27 | CVE-2007-2795 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ipswitch Imail Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon. | 9.0 |
| 2008-12-19 | CVE-2008-5693 | Improper Input Validation vulnerability in Ipswitch WS FTP Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. | 5.0 |
| 2008-12-19 | CVE-2008-5692 | Improper Authentication vulnerability in Ipswitch WS FTP Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. | 5.0 |
| 2008-08-27 | CVE-2008-3795 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ipswitch WS FTP Home Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response." | 10.0 |
| 2008-08-20 | CVE-2008-3734 | USE of Externally-Controlled Format String vulnerability in Ipswitch WS FTP Home and WS FTP PRO Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). | 9.3 |
| 2008-02-25 | CVE-2008-0946 | Path Traversal vulnerability in Ipswitch Imserver and Instant Messaging Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. | 4.9 |
| 2008-02-25 | CVE-2008-0945 | USE of Externally-Controlled Format String vulnerability in Ipswitch Imserver and Instant Messaging Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field. | 3.5 |
| 2008-02-25 | CVE-2008-0944 | Numeric Errors vulnerability in Ipswitch Instant Messaging 2.0.8.1 Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero. | 5.0 |
| 2008-02-06 | CVE-2008-0608 | Buffer Errors vulnerability in Ipswitch WS FTP 6.1 The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823. | 5.0 |