CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Ipswitch : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5693 20 2008-12-19 2009-02-18
5.0
None Remote Low Not required Partial None None
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.
2 CVE-2008-5692 287 Bypass 2008-12-19 2009-01-29
5.0
None Remote Low Not required Partial None None
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
3 CVE-2008-0944 189 DoS 2008-02-25 2008-09-05
5.0
None Remote Low Not required Partial None None
Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero.
4 CVE-2008-0608 119 DoS Overflow 2008-02-06 2008-09-05
5.0
None Remote Low Not required None None Partial
The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823.
5 CVE-2007-3959 DoS 2007-07-24 2008-09-05
5.0
None Remote Low Not required None None Partial
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions.
6 CVE-2006-5001 2006-09-26 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
7 CVE-2006-2357 2006-05-15 2008-09-05
5.0
None Remote Low Not required Partial None None
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp.
8 CVE-2006-2356 200 +Info 2006-05-15 2013-01-03
5.0
None Remote Low Not required Partial None None
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.
9 CVE-2006-2355 +Info 2006-05-15 2008-09-05
5.0
None Remote Low Not required Partial None None
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
10 CVE-2006-2354 2006-05-15 2008-09-05
5.0
None Remote Low Not required Partial None None
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11 CVE-2006-2353 2006-05-15 2008-09-05
5.0
None Remote Low Not required None Partial None
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters.
12 CVE-2006-0911 399 DoS 2006-02-28 2011-08-31
5.0
None Remote Low Not required None None Partial
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear.
13 CVE-2005-2160 +Info 2005-07-06 2008-09-05
5.0
None Remote Low Not required Partial None None
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
14 CVE-2005-1939 Dir. Trav. 2005-12-31 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022).
15 CVE-2005-1254 DoS Overflow 2005-05-25 2008-11-15
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument.
16 CVE-2005-1252 Dir. Trav. 2005-05-25 2008-11-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.
17 CVE-2005-1249 DoS 2005-05-25 2008-11-15
5.0
None Remote Low Not required None None Partial
The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
18 CVE-2004-2423 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content."
19 CVE-2004-2422 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component.
20 CVE-2004-1848 399 DoS Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.
21 CVE-2004-1643 DoS 2004-08-29 2008-09-05
5.0
None Remote Low Not required None None Partial
WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence.
22 CVE-2004-1135 DoS Overflow 2005-01-10 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
23 CVE-2004-0799 DoS 2004-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".
24 CVE-2002-1077 DoS 2002-10-04 2008-09-05
5.0
None Remote Low Not required None None Partial
IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field.
25 CVE-2001-1285 Dir. Trav. 2001-10-12 2008-09-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
26 CVE-2001-1282 +Info 2001-10-12 2008-09-10
5.0
None Remote Low Not required Partial None None
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
27 CVE-2001-1281 2001-10-12 2008-09-10
5.0
None Remote Low Not required None Partial None
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
28 CVE-2001-1280 2001-10-12 2008-09-10
5.0
None Remote Low Not required Partial None None
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
29 CVE-2001-0039 DoS 2001-02-16 2008-09-05
5.0
None Remote Low Not required None None Partial
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.
30 CVE-2000-0839 DoS 2000-11-14 2008-09-05
5.0
None Remote Low Not required None None Partial
WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515).
31 CVE-2000-0825 DoS 2000-11-14 2008-09-05
5.0
None Remote Low Not required None None Partial
Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.
32 CVE-2000-0301 DoS 2000-04-06 2008-09-10
5.0
None Remote Low Not required None None Partial
Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.
33 CVE-2000-0056 DoS 2000-01-05 2008-09-10
5.0
None Remote Low Not required None None Partial
IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.
34 CVE-1999-1557 DoS Exec Code Overflow 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
35 CVE-1999-1551 DoS Exec Code Overflow 1999-03-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL.
36 CVE-1999-0362 DoS 1999-02-02 2008-09-09
5.0
None Remote Low Not required None None Partial
WS_FTP server remote denial of service through cwd command.
Total number of vulnerabilities : 36   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.