CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2012-4344 – ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting / Blind SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-4344
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Ipswitch WhatsUp Gold v15.02 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados relacionados con el nombre del sistema SNMP de la máquina atacante. • https://www.exploit-db.com/exploits/20035 http://www.exploit-db.com/exploits/20035 http://www.kb.cert.org/vuls/id/777007 https://exchange.xforce.ibmcloud.com/vulnerabilities/77150 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2012-2601 – ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting / Blind SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-2601
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. Vulnerabilidad de inyección de comandos SQL en WrVMwareHostList.asp in Ipswitch WhatsUp Gold v15.02 permite a atacantes remotos ejecutar comandos SQL a través del parámetro sGroupList. Ipswitch WhatsUp Gold version 15.02 suffers from code execution, cross site scripting, and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/20035 http://www.exploit-db.com/exploits/20035 http://www.kb.cert.org/vuls/id/777007 http://www.securityfocus.com/bid/54626 http://www.securitytracker.com/id?1027325 http://www.whatsupgold.com/blog/2012/07/23/keeping-whatsup-gold-secure https://exchange.xforce.ibmcloud.com/vulnerabilities/77152 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •