Vulnerabilities > Ipswitch

DATE CVE VULNERABILITY TITLE RISK
2014-06-05 CVE-2014-3878 Cross-Site Scripting vulnerability in Ipswitch IMail Server 12.3/12.4
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.
network | ipswitch | CWE-79 | 4.3

2012-08-15 CVE-2012-4344 Cross-Site Scripting vulnerability in Ipswitch WhatsUp Gold 15.02
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.
network | ipswitch | CWE-79 | 4.3

2012-08-15 CVE-2012-2601 SQL Injection vulnerability in Ipswitch WhatsUp Gold 15.02
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.
network | low complexity | ipswitch | CWE-89 | 7.5

2011-03-16 CVE-2011-1430 Improper Input Validation vulnerability in Ipswitch IMail
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
network | ipswitch | CWE-20 | 6.8

2010-04-21 CVE-2009-4775 Use of Externally-Controlled Format String vulnerability in Ipswitch WS_FTP 12.0/12.0.1
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.
network | ipswitch | CWE-134 | 4.3

2009-01-27 CVE-2007-2795 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Ipswitch IMail
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
network | low complexity | ipswitch | CWE-119 | critical | 9.0

2008-12-19 CVE-2008-5693 Improper Input Validation vulnerability in Ipswitch WS_FTP
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.
network | low complexity | ipswitch | CWE-20 | 5.0

2008-12-19 CVE-2008-5692 Improper Authentication vulnerability in Ipswitch WS_FTP
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
network | low complexity | ipswitch | CWE-287 | 5.0

2008-08-27 CVE-2008-3795 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Ipswitch WS_FTP Home
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response."
network | low complexity | ipswitch | CWE-119 | critical | 10.0

2008-08-20 CVE-2008-3734 Use of Externally-Controlled Format String vulnerability in Ipswitch WS_FTP Home and WS_FTP PRO
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).
network | ipswitch | CWE-134 | critical | 9.3