Vulnerabilities > Ipswitch
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-07-13 | CVE-2006-3552 | Remote Security vulnerability in Ipswitch products Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission. | 6.4 |
2006-05-22 | CVE-2006-2531 | Authentication Bypass vulnerability in Ipswitch Whatsup Professional2006 Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | 7.5 |
2006-05-15 | CVE-2006-2357 | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. | 5.0 |
2006-05-15 | CVE-2006-2356 | Information Exposure vulnerability in Ipswitch Whatsup Professional 2006 NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | 5.0 |
2006-05-15 | CVE-2006-2355 | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. | 5.0 |
2006-05-15 | CVE-2006-2354 | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. | 5.0 |
2006-05-15 | CVE-2006-2353 | Permissions, Privileges, and Access Controls vulnerability in Ipswitch Whatsup Professional 2006/2006Premium NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. | 5.0 |
2006-05-15 | CVE-2006-2352 | Cross-Site Scripting vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. network ipswitch | 4.3 |
2006-05-15 | CVE-2006-2351 | Cross-Site Scripting vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. | 4.3 |
2006-02-28 | CVE-2006-0911 | Resource Management Errors vulnerability in Ipswitch Whatsup Professional2006 NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. | 5.0 |