CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2353
https://notcve.org/view.php?id=CVE-2006-2353
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. • http://secunia.com/advisories/20075 http://securityreason.com/securityalert/897 http://www.osvdb.org/25473 http://www.securityfocus.com/archive/1/433808 http://www.vupen.com/english/advisories/2006/1787 https://exchange.xforce.ibmcloud.com/vulnerabilities/26502 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2006-2354
https://notcve.org/view.php?id=CVE-2006-2354
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20075 http://www.osvdb.org/25476 https://exchange.xforce.ibmcloud.com/vulnerabilities/26503 •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 4CVE-2006-0911 – Ipswitch WhatsUp Professional 2006 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-0911
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. • https://www.exploit-db.com/exploits/27258 http://securityreason.com/securityalert/472 http://www.osvdb.org/23494 http://www.securityfocus.com/archive/1/425780/100/0/threaded http://www.securityfocus.com/bid/16771 http://www.vupen.com/english/advisories/2006/0704 http://zur.homelinux.com/Advisories/ipswitch_dos.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/24864 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 14%CPEs: 2EXPL: 0CVE-2005-3526 – Ipswitch Collaboration Suite Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2005-3526
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch Collaboration Suite. Authentication is required to exploit this vulnerability. This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. • http://secunia.com/advisories/19168 http://securityreason.com/securityalert/577 http://securitytracker.com/id?1015759 http://www.ipswitch.com/support/ics/updates/ics200603prem.asp http://www.osvdb.org/23796 http://www.securityfocus.com/archive/1/427536/100/0/threaded http://www.securityfocus.com/bid/17063 http://www.vupen.com/english/advisories/2006/0907 http://www.zerodayinitiative.com/advisories/ZDI-06-003.html https://exchange.xforce.ibmcloud.com/vulnerabilities/25133 •
CVSS: 5.0EPSS: 89%CPEs: 1EXPL: 6CVE-2005-1939 – IPSwitch WhatsUp Small Business 2004 Report Service - Directory Traversal
https://notcve.org/view.php?id=CVE-2005-1939
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022). • https://www.exploit-db.com/exploits/26464 http://cirt.dk/advisories/cirt-40-advisory.pdf http://secunia.com/advisories/15500 http://secunia.com/secunia_research/2005-14/advisory http://securitytracker.com/id?1015141 http://www.securityfocus.com/bid/15291 https://exchange.xforce.ibmcloud.com/vulnerabilities/22969 •