Vulnerabilities > Ipswitch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-02-02 | CVE-2007-0666 | Remote Security vulnerability in Ipswitch WS FTP Server 5.04 Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. network ipswitch | 6.8 |
| 2007-02-02 | CVE-2007-0665 | Unspecified vulnerability in Ipswitch WS FTP PRO 2007 Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command. network ipswitch | 6.8 |
| 2007-01-18 | CVE-2007-0330 | Local Memory Corruption vulnerability in Ipswitch WS FTP PRO 2007 Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. | 7.5 |
| 2006-09-25 | CVE-2006-4974 | Remote Buffer Overflow vulnerability in Ipswitch WS FTP Server 5.08Limitededition Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | 7.5 |
| 2006-09-08 | CVE-2006-4379 | Stack Overflow vulnerability in Ipswitch products Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. | 7.5 |
| 2006-07-13 | CVE-2006-3552 | Remote Security vulnerability in Ipswitch products Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission. | 6.4 |
| 2006-05-22 | CVE-2006-2531 | Authentication Bypass vulnerability in Ipswitch Whatsup Professional2006 Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | 7.5 |
| 2006-05-15 | CVE-2006-2357 | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. | 5.0 |
| 2006-05-15 | CVE-2006-2356 | Information Exposure vulnerability in Ipswitch Whatsup Professional 2006 NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | 5.0 |
| 2006-05-15 | CVE-2006-2355 | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. | 5.0 |