CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2357
https://notcve.org/view.php?id=CVE-2006-2357
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. • http://secunia.com/advisories/20075 http://securityreason.com/securityalert/897 http://www.securityfocus.com/archive/1/433808 http://www.vupen.com/english/advisories/2006/1787 https://exchange.xforce.ibmcloud.com/vulnerabilities/26506 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2353
https://notcve.org/view.php?id=CVE-2006-2353
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. • http://secunia.com/advisories/20075 http://securityreason.com/securityalert/897 http://www.osvdb.org/25473 http://www.securityfocus.com/archive/1/433808 http://www.vupen.com/english/advisories/2006/1787 https://exchange.xforce.ibmcloud.com/vulnerabilities/26502 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2006-2354
https://notcve.org/view.php?id=CVE-2006-2354
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20075 http://www.osvdb.org/25476 https://exchange.xforce.ibmcloud.com/vulnerabilities/26503 •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 4CVE-2006-0911 – Ipswitch WhatsUp Professional 2006 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-0911
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. • https://www.exploit-db.com/exploits/27258 http://securityreason.com/securityalert/472 http://www.osvdb.org/23494 http://www.securityfocus.com/archive/1/425780/100/0/threaded http://www.securityfocus.com/bid/16771 http://www.vupen.com/english/advisories/2006/0704 http://zur.homelinux.com/Advisories/ipswitch_dos.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/24864 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 89%CPEs: 1EXPL: 6CVE-2005-1939 – IPSwitch WhatsUp Small Business 2004 Report Service - Directory Traversal
https://notcve.org/view.php?id=CVE-2005-1939
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022). • https://www.exploit-db.com/exploits/26464 http://cirt.dk/advisories/cirt-40-advisory.pdf http://secunia.com/advisories/15500 http://secunia.com/secunia_research/2005-14/advisory http://securitytracker.com/id?1015141 http://www.securityfocus.com/bid/15291 https://exchange.xforce.ibmcloud.com/vulnerabilities/22969 •