CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2006-4974 – Ipswitch WS_FTP LE 5.08 - PASV Response Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-4974
25 Sep 2006 — Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. Desbordamiento de búfer en Ipswitch WS_FTP Limited Edition (LE) 5.08 permite a un a servidores FTP remotos ejecutar código de su elección a través de un repuesta grande a un comando PASV. • https://www.exploit-db.com/exploits/2401 •
CVSS: 8.8EPSS: 90%CPEs: 27EXPL: 2CVE-2006-4847 – Ipswitch WS_FTP Server 5.05 - XMD5 Overflow
https://notcve.org/view.php?id=CVE-2006-4847
19 Sep 2006 — Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. Múltiples desbordamientos de búfer en Ipswitch WS_FTP Server 5.05 anterior al Hotfix 1 permiten a usuarios autenticados remotamente ejecutar código de su elección a través de comandos largos (1) XCRC, (2) XSHA1, o (3) XMD5. • https://www.exploit-db.com/exploits/16717 •
CVSS: 9.8EPSS: 57%CPEs: 4EXPL: 3CVE-2006-4379 – Ipswitch Collaboration Suite SMTP Server Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-4379
08 Sep 2006 — Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. Desbordamiento de búfer basado en montón en SMTP Daemon en Ipswitch Collaboration 2006 Suite Premium y Standard Editions, IMail, IMail Plus, e IMail Secure, permite a un atacante remoto ejecutar código de su elección a través de una c... • https://www.exploit-db.com/exploits/2601 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2006-3552
https://notcve.org/view.php?id=CVE-2006-3552
13 Jul 2006 — Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission. Premium Anti-Spam en Ipswitch IMail Secure Server 2006 y Collaboration Suite 2006 Premium, cuando utiliza un cierto archivo .dat en el directorio StarEngine /data desde 20060630 o ... • http://ipswitch.com/support/ics/updates/security_advisory_20060630.asp •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2006-2531 – Ipswitch WhatsUp Professional 2006 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2006-2531
22 May 2006 — Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". • https://www.exploit-db.com/exploits/27891 •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 5CVE-2006-2351 – Ipswitch WhatsUp Professional 2006 - '/NmConsole/Navigation.asp?sDeviceView' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2351
15 May 2006 — Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. • https://www.exploit-db.com/exploits/27861 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2006-2352
https://notcve.org/view.php?id=CVE-2006-2352
15 May 2006 — Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20075 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2353
https://notcve.org/view.php?id=CVE-2006-2353
15 May 2006 — NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. • http://secunia.com/advisories/20075 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2006-2354
https://notcve.org/view.php?id=CVE-2006-2354
15 May 2006 — NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20075 •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 1CVE-2006-2355
https://notcve.org/view.php?id=CVE-2006-2355
15 May 2006 — Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20075 •