CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2006-2356
https://notcve.org/view.php?id=CVE-2006-2356
15 May 2006 — NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. • http://secunia.com/advisories/20075 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2357
https://notcve.org/view.php?id=CVE-2006-2357
15 May 2006 — Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. • http://secunia.com/advisories/20075 •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 5CVE-2006-2351 – Ipswitch WhatsUp Professional 2006 - '/NmConsole/Navigation.asp?sDeviceView' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2351
15 May 2006 — Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. • https://www.exploit-db.com/exploits/27861 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 5%CPEs: 1EXPL: 4CVE-2006-0911 – Ipswitch WhatsUp Professional 2006 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-0911
28 Feb 2006 — NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of th... • https://www.exploit-db.com/exploits/27258 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 38%CPEs: 1EXPL: 6CVE-2005-1939 – IPSwitch WhatsUp Small Business 2004 Report Service - Directory Traversal
https://notcve.org/view.php?id=CVE-2005-1939
31 Dec 2005 — Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022). • https://www.exploit-db.com/exploits/26464 •
CVSS: 9.8EPSS: 18%CPEs: 1EXPL: 1CVE-2005-1250 – Ipswitch WhatsUp Professional 2005 SP1 - 'login.asp' SQL Injection
https://notcve.org/view.php?id=CVE-2005-1250
22 Jun 2005 — SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter). • https://www.exploit-db.com/exploits/25874 •
CVSS: 7.5EPSS: 5%CPEs: 7EXPL: 0CVE-2004-0799
https://notcve.org/view.php?id=CVE-2004-0799
17 Sep 2004 — The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm". El demonio HTTP de Ipswitch WhatsUp Gold 8,03 y 8.03 Hotfix 1 permite a atacantes remotos causar una denegación de servicio (caída del servidor) mediante una petición GET conteniendo un nombre de dispositivo MS-DOS, como se ha demostrado usando "prn.htm". • http://www.idefense.com/application/poi/display?id=142&type=vulnerabilities •
CVSS: 9.8EPSS: 64%CPEs: 6EXPL: 2CVE-2004-0798 – IPSwitch WhatsUp Gold 8.03 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0798
27 Aug 2004 — Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter. Desbordamiento de búfer en el script _maincfgret.cgi de Ipswithc WhatsUp Gold anteriores a 8.03 Hotfix 1 permite a atacantes remotos ejecutar código de su elección mediante un parámetro instancename largo. • https://www.exploit-db.com/exploits/566 •