Filtered by vendor Ipswitch
Subscribe
Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2356 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.
|
|||||
| CVE-2006-2354 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2000-0825 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.
|
|||||
| CVE-2005-1255 | 1 Ipswitch | 3 Imail, Imail Server, Ipswitch Collaboration Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
|
|||||
| CVE-2006-2353 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters.
|
|||||
| CVE-1999-0362 | 1 Ipswitch | 1 Ws Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WS_FTP server remote denial of service through cwd command.
|
|||||
| CVE-2005-1252 | 1 Ipswitch | 2 Imail, Imail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.
|
|||||
| CVE-2004-2422 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component.
|
|||||
| CVE-2005-3526 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.
|
|||||
| CVE-2005-1250 | 1 Ipswitch | 1 Whatsup | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
|
|||||
| CVE-2006-4847 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.
|
|||||
| CVE-2006-3552 | 1 Ipswitch | 2 Ipswitch Collaboration Suite, Ipswitch Secure Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission.
|
|||||
| CVE-2006-4974 | 1 Ipswitch | 1 Ws Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
|
|||||
| CVE-2006-2357 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp.
|
|||||
| CVE-2001-1285 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
|
|||||
| CVE-1999-1171 | 2 Ipswitch, Progress | 2 Imail, Ws Ftp Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
|
|||||
| CVE-2005-0707 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command.
|
|||||
| CVE-1999-1170 | 2 Ipswitch, Progress | 2 Imail, Ws Ftp Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
|
|||||
| CVE-2005-2923 | 1 Ipswitch | 2 Imail Server, Ipswitch Collaboration Suite | 2025-04-03 | 4.0 MEDIUM | N/A |
|
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.
|
|||||
| CVE-2006-2355 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-1999-1551 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL.
|
|||||
| CVE-2000-0780 | 1 Ipswitch | 1 Imail | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2019-18465 | 1 Ipswitch | 1 Moveit Transfer | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
|
|||||
| CVE-2019-18464 | 1 Ipswitch | 1 Moveit Transfer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the datab ...
Show More |
|||||
| CVE-2019-16383 | 1 Ipswitch | 1 Moveit Transfer | 2024-11-21 | 7.5 HIGH | 9.4 CRITICAL |
|
MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection.
|
|||||
| CVE-2019-12146 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory.
|
|||||
| CVE-2019-12145 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system.
|
|||||
| CVE-2019-12144 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature.
|
|||||
| CVE-2018-6545 | 1 Ipswitch | 1 Moveit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.
|
|||||