Filtered by vendor Ipswitch
Subscribe
Total
109 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | |||||
CVE-2004-0799 | 2 Ipswitch, Progress | 2 Whatsup Gold, Whatsup Gold | 2025-04-03 | 5.0 MEDIUM | N/A |
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm". | |||||
CVE-2001-1280 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system. | |||||
CVE-2006-2356 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | |||||
CVE-2001-1282 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. | |||||
CVE-2005-1254 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. | |||||
CVE-2001-1284 | 1 Ipswitch | 1 Imail | 2025-04-03 | 7.5 HIGH | N/A |
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users. | |||||
CVE-2006-4379 | 1 Ipswitch | 3 Imail Plus, Imail Secure Server, Ipswitch Collaboration Suite | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. | |||||
CVE-2004-0297 | 1 Ipswitch | 1 Imail | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length. | |||||
CVE-2004-1848 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. | |||||
CVE-2000-0839 | 1 Ipswitch | 1 Wincom Lpd | 2025-04-03 | 5.0 MEDIUM | N/A |
WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515). | |||||
CVE-2004-2401 | 1 Ipswitch | 1 Imail Express | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text." | |||||
CVE-2002-1851 | 1 Ipswitch | 1 Ws Ftp Pro | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors. | |||||
CVE-2006-2352 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-1250 | 1 Ipswitch | 1 Whatsup | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter). | |||||
CVE-2006-2531 | 1 Ipswitch | 1 Whatsup | 2025-04-03 | 7.5 HIGH | N/A |
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | |||||
CVE-2001-1281 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form. | |||||
CVE-2000-0301 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. | |||||
CVE-2000-0019 | 1 Ipswitch | 1 Imail | 2025-04-03 | 2.1 LOW | N/A |
IMail POP3 daemon uses weak encryption, which allows local users to read files. | |||||
CVE-2004-1884 | 2 Ipswitch, Progress | 3 Ws Ftp Pro, Ws Ftp Server, Ws Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. |