CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 5CVE-2006-2351 – Ipswitch WhatsUp Professional 2006 - '/NmConsole/Navigation.asp?sDeviceView' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2351
15 May 2006 — Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. • https://www.exploit-db.com/exploits/27861 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2006-2352
https://notcve.org/view.php?id=CVE-2006-2352
15 May 2006 — Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20075 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2353
https://notcve.org/view.php?id=CVE-2006-2353
15 May 2006 — NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. • http://secunia.com/advisories/20075 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2006-2354
https://notcve.org/view.php?id=CVE-2006-2354
15 May 2006 — NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20075 •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 1CVE-2006-2355
https://notcve.org/view.php?id=CVE-2006-2355
15 May 2006 — Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20075 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2006-2356
https://notcve.org/view.php?id=CVE-2006-2356
15 May 2006 — NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. • http://secunia.com/advisories/20075 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2357
https://notcve.org/view.php?id=CVE-2006-2357
15 May 2006 — Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. • http://secunia.com/advisories/20075 •