CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2006-2356
https://notcve.org/view.php?id=CVE-2006-2356
15 May 2006 — NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. • http://secunia.com/advisories/20075 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2357
https://notcve.org/view.php?id=CVE-2006-2357
15 May 2006 — Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. • http://secunia.com/advisories/20075 •
CVSS: 6.5EPSS: 5%CPEs: 1EXPL: 4CVE-2006-0911 – Ipswitch WhatsUp Professional 2006 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-0911
28 Feb 2006 — NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of th... • https://www.exploit-db.com/exploits/27258 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 38%CPEs: 1EXPL: 6CVE-2005-1939 – IPSwitch WhatsUp Small Business 2004 Report Service - Directory Traversal
https://notcve.org/view.php?id=CVE-2005-1939
31 Dec 2005 — Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022). • https://www.exploit-db.com/exploits/26464 •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2005-3526 – Ipswitch Collaboration Suite Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2005-3526
31 Dec 2005 — Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch Collaboration Suite. Authentication is required to exploit this vulnerability. This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exp... • http://secunia.com/advisories/19168 •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 0CVE-2005-2923
https://notcve.org/view.php?id=CVE-2005-2923
07 Dec 2005 — The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. • http://secunia.com/advisories/17863 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2005-2931
https://notcve.org/view.php?id=CVE-2005-2931
07 Dec 2005 — Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands. • http://secunia.com/advisories/17863 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2005-2160
https://notcve.org/view.php?id=CVE-2005-2160
06 Jul 2005 — IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. • http://marc.info/?l=bugtraq&m=112060187204457&w=2 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.8EPSS: 18%CPEs: 1EXPL: 1CVE-2005-1250 – Ipswitch WhatsUp Professional 2005 SP1 - 'login.asp' SQL Injection
https://notcve.org/view.php?id=CVE-2005-1250
22 Jun 2005 — SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter). • https://www.exploit-db.com/exploits/25874 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2005-1249
https://notcve.org/view.php?id=CVE-2005-1249
25 May 2005 — The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. • http://securitytracker.com/id?1014047 •