CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2006-2531 – Ipswitch WhatsUp Professional 2006 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2006-2531
22 May 2006 — Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". • https://www.exploit-db.com/exploits/27891 •
CVSS: 6.5EPSS: 5%CPEs: 1EXPL: 4CVE-2006-0911 – Ipswitch WhatsUp Professional 2006 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-0911
28 Feb 2006 — NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of th... • https://www.exploit-db.com/exploits/27258 • CWE-399: Resource Management Errors •