CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Ipswitch : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-4344 79 1 XSS 2012-08-15 2012-11-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.
2 CVE-2012-2601 89 1 Exec Code Sql 2012-08-15 2013-03-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.
3 CVE-2011-1430 20 2011-03-16 2011-03-17
6.8
None Remote Medium Not required Partial Partial Partial
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
4 CVE-2009-4775 134 1 DoS 2010-04-21 2010-04-22
4.3
None Remote Medium Not required None None Partial
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.
5 CVE-2008-5693 20 2008-12-19 2009-02-18
5.0
None Remote Low Not required Partial None None
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.
6 CVE-2008-5692 287 Bypass 2008-12-19 2009-01-29
5.0
None Remote Low Not required Partial None None
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
7 CVE-2008-3795 119 1 Overflow 2008-08-27 2009-03-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response."
8 CVE-2008-3734 134 1 DoS Exec Code 2008-08-20 2009-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).
9 CVE-2008-0946 22 Dir. Trav. 2008-02-25 2008-09-05
4.9
None Remote Medium Single system Partial Partial None
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.
10 CVE-2008-0945 134 DoS 2008-02-25 2008-09-05
3.5
None Remote Medium Single system None None Partial
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.
11 CVE-2008-0944 189 DoS 2008-02-25 2008-09-05
5.0
None Remote Low Not required Partial None None
Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero.
12 CVE-2008-0608 119 DoS Overflow 2008-02-06 2008-09-05
5.0
None Remote Low Not required None None Partial
The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823.
13 CVE-2008-0590 119 1 DoS Exec Code Overflow 2008-02-05 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
14 CVE-2007-5094 119 1 Exec Code Overflow 2007-09-26 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transfer-Encoding header line.
15 CVE-2007-4555 79 XSS 2007-08-27 2008-11-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account.
16 CVE-2007-4345 119 Exec Code Overflow 2007-10-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message.
17 CVE-2007-3959 DoS 2007-07-24 2008-09-05
5.0
None Remote Low Not required None None Partial
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions.
18 CVE-2007-3927 Exec Code Overflow 2007-07-20 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."
19 CVE-2007-3926 DoS 2007-07-20 2008-09-05
7.8
None Remote Low Not required None None Complete
Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."
20 CVE-2007-3925 119 Exec Code Overflow 2007-07-20 2008-09-05
6.5
None Remote Low Single system Partial Partial Partial
Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
21 CVE-2007-3823 1 DoS 2007-07-16 2008-09-05
7.8
None Remote Low Not required None None Complete
The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp.
22 CVE-2007-2795 119 Exec Code Overflow 2009-01-27 2009-01-28
9.0
None Remote Low Single system Complete Complete Complete
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
23 CVE-2007-2602 DoS Exec Code Overflow 2007-05-11 2008-11-15
7.8
None Remote Low Not required None None Complete
Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
24 CVE-2007-2213 DoS 2007-04-24 2008-09-05
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."
25 CVE-2007-1637 Exec Code Overflow 2007-03-23 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.
26 CVE-2007-0666 Exec Code 2007-02-02 2008-11-15
6.8
User Remote Medium Not required Partial Partial Partial
Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.
27 CVE-2007-0665 Exec Code 2007-02-02 2008-11-13
6.8
User Remote Medium Not required Partial Partial Partial
Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command.
28 CVE-2007-0330 DoS Exec Code Overflow 2007-01-17 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.
29 CVE-2006-5001 2006-09-26 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
30 CVE-2006-5000 Overflow 2006-09-26 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
31 CVE-2006-4974 Exec Code Overflow 2006-09-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
32 CVE-2006-4847 Exec Code Overflow 2006-09-18 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.
33 CVE-2006-4379 Exec Code Overflow 2006-09-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.
34 CVE-2006-3552 2006-07-12 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission.
35 CVE-2006-2531 Bypass 2006-05-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Ipswitch WhatsUp Professional 2006 only verifies the users identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
36 CVE-2006-2357 2006-05-15 2008-09-05
5.0
None Remote Low Not required Partial None None
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp.
37 CVE-2006-2356 200 +Info 2006-05-15 2013-01-03
5.0
None Remote Low Not required Partial None None
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.
38 CVE-2006-2355 +Info 2006-05-15 2008-09-05
5.0
None Remote Low Not required Partial None None
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
39 CVE-2006-2354 2006-05-15 2008-09-05
5.0
None Remote Low Not required Partial None None
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
40 CVE-2006-2353 2006-05-15 2008-09-05
5.0
None Remote Low Not required None Partial None
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters.
41 CVE-2006-2352 XSS 2006-05-15 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
42 CVE-2006-2351 79 XSS 2006-05-15 2011-09-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.
43 CVE-2006-0911 399 DoS 2006-02-28 2011-08-31
5.0
None Remote Low Not required None None Partial
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear.
44 CVE-2005-3526 Exec Code Overflow 2005-12-31 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.
45 CVE-2005-2931 Exec Code 2005-12-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands.
46 CVE-2005-2923 20 DoS 2005-12-06 2008-09-05
4.0
None Remote Low Single system None None Partial
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.
47 CVE-2005-2160 +Info 2005-07-06 2008-09-05
5.0
None Remote Low Not required Partial None None
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
48 CVE-2005-1939 Dir. Trav. 2005-12-31 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022).
49 CVE-2005-1256 Exec Code Overflow 2005-05-25 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
50 CVE-2005-1255 Exec Code Overflow 2005-05-25 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
Total number of vulnerabilities : 100   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.