Vulnerabilities > Ipswitch > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-15 | CVE-2006-2351 | Cross-Site Scripting vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. | 4.3 |
| 2006-02-28 | CVE-2006-0911 | Resource Management Errors vulnerability in Ipswitch Whatsup Professional2006 NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. | 5.0 |
| 2005-12-31 | CVE-2005-3526 | Remote Buffer Overflow vulnerability in Ipswitch IMail Server / Collaboration Suite IMAP FETCH Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. | 6.5 |
| 2005-12-31 | CVE-2005-1939 | Directory Traversal vulnerability in Ipswitch Whatsup Small Business 2004 Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022). | 5.0 |
| 2005-12-07 | CVE-2005-2923 | Improper Input Validation vulnerability in Ipswitch Imail Server and Ipswitch Collaboration Suite The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. | 4.0 |
| 2005-05-25 | CVE-2005-1254 | Multiple vulnerability in Ipswitch IMail Server Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. | 5.0 |
| 2005-05-25 | CVE-2005-1252 | Multiple vulnerability in Ipswitch IMail Server Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. | 5.0 |
| 2005-05-25 | CVE-2005-1249 | Multiple vulnerability in Ipswitch IMail Server The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. | 5.0 |
| 2005-05-02 | CVE-1999-1557 | Denial-Of-Service vulnerability in Ipswitch Imail 5.0 Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. | 5.0 |
| 2005-01-10 | CVE-2004-1135 | Denial-Of-Service vulnerability in Ipswitch WS FTP Server 5.03 Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands. | 5.0 |