2 results (0.004 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". • https://www.exploit-db.com/exploits/27891 http://www.ftusecurity.com/pub/whatsup.public.pdf http://www.securityfocus.com/archive/1/434247/100/0/threaded http://www.securityfocus.com/archive/1/434447/100/0/threaded http://www.securityfocus.com/bid/18019 http://www.vupen.com/english/advisories/2006/1849 https://exchange.xforce.ibmcloud.com/vulnerabilities/26529 •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 4

NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. • https://www.exploit-db.com/exploits/27258 http://securityreason.com/securityalert/472 http://www.osvdb.org/23494 http://www.securityfocus.com/archive/1/425780/100/0/threaded http://www.securityfocus.com/bid/16771 http://www.vupen.com/english/advisories/2006/0704 http://zur.homelinux.com/Advisories/ipswitch_dos.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/24864 • CWE-399: Resource Management Errors •