
CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 4

04 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. • https://packetstorm.news/files/id/126948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 16% • CPEs: 1 • EXPL: 3

15 Aug 2012 — SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. • https://www.exploit-db.com/exploits/20035 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 9% • CPEs: 1 • EXPL: 2

15 Aug 2012 — Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host. • https://www.exploit-db.com/exploits/20035 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 • EPSS: 0% • CPEs: 47 • EXPL: 0

16 Mar 2011 — The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. • http://secunia.com/advisories/43676 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 13% • CPEs: 4 • EXPL: 4

21 Apr 2010 — Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. • https://www.exploit-db.com/exploits/9607 • CWE-134: Use of Externally-Controlled Format String

CVSS: 9.8 • EPSS: 1% • CPEs: 22 • EXPL: 1

19 Dec 2008 — Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. • https://www.exploit-db.com/exploits/31117 • CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 0% • CPEs: 22 • EXPL: 0

19 Dec 2008 — Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. • http://aluigi.altervista.org/adv/wsftpweblog-adv.txt • CWE-20: Improper Input Validation

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Aug 2008 — Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response." • https://www.exploit-db.com/exploits/6257 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 68% • CPEs: 2 • EXPL: 2

20 Aug 2008 — Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). • https://www.exploit-db.com/exploits/6257 • CWE-134: Use of Externally-Controlled Format String

CVSS: 7.5 • EPSS: 3% • CPEs: 1 • EXPL: 3

25 Feb 2008 — Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero. • https://www.exploit-db.com/exploits/31122 • CWE-189: Numeric Errors