Vulnerabilities > Ipswitch > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-06-05 | CVE-2014-3878 | Cross-Site Scripting vulnerability in Ipswitch Imail Server 12.3/12.4 Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. | 4.3 |
| 2011-03-16 | CVE-2011-1430 | Improper Input Validation vulnerability in Ipswitch Imail The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |
| 2010-04-21 | CVE-2009-4775 | USE of Externally-Controlled Format String vulnerability in Ipswitch WS FTP 12.0/12.0.1 Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. | 4.3 |
| 2008-12-19 | CVE-2008-5693 | Improper Input Validation vulnerability in Ipswitch WS FTP Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. | 5.0 |
| 2008-12-19 | CVE-2008-5692 | Improper Authentication vulnerability in Ipswitch WS FTP Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. | 5.0 |
| 2008-02-25 | CVE-2008-0946 | Path Traversal vulnerability in Ipswitch Imserver and Instant Messaging Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. | 4.9 |
| 2008-02-25 | CVE-2008-0944 | Numeric Errors vulnerability in Ipswitch Instant Messaging 2.0.8.1 Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero. | 5.0 |
| 2008-02-06 | CVE-2008-0608 | Buffer Errors vulnerability in Ipswitch WS FTP 6.1 The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823. | 5.0 |
| 2007-08-28 | CVE-2007-4555 | Cross-Site Scripting vulnerability in Ipswitch WS FTP Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. | 4.3 |
| 2007-07-24 | CVE-2007-3959 | Remote Denial of Service vulnerability in Ipswitch Imserver and Ipswitch Collaboration Suite The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions. | 5.0 |