7 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2

NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. • http://secunia.com/advisories/20075 http://securityreason.com/securityalert/897 http://www.osvdb.org/25475 http://www.securityfocus.com/archive/1/433808 http://www.vupen.com/english/advisories/2006/1787 https://exchange.xforce.ibmcloud.com/vulnerabilities/26505 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. • https://www.exploit-db.com/exploits/27861 https://www.exploit-db.com/exploits/27862 http://secunia.com/advisories/20075 http://securityreason.com/securityalert/897 http://www.osvdb.org/25469 http://www.osvdb.org/25470 http://www.securityfocus.com/archive/1/433808 http://www.securityfocus.com/bid/17964 http://www.vupen.com/english/advisories/2006/1787 https://exchange.xforce.ibmcloud.com/vulnerabilities/26500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20075 http://www.osvdb.org/25471 http://www.osvdb.org/25472 http://www.vupen.com/english/advisories/2006/1787 https://exchange.xforce.ibmcloud.com/vulnerabilities/26501 •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 1

Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20075 http://www.osvdb.org/25477 https://exchange.xforce.ibmcloud.com/vulnerabilities/26504 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. • http://secunia.com/advisories/20075 http://securityreason.com/securityalert/897 http://www.securityfocus.com/archive/1/433808 http://www.vupen.com/english/advisories/2006/1787 https://exchange.xforce.ibmcloud.com/vulnerabilities/26506 •