Vulnerabilities (CVE)

Filtered by vendor Ipswitch Subscribe
Total 109 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-2160 1 Ipswitch 1 Imail 2025-04-03 5.0 MEDIUM 7.5 HIGH
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
CVE-2004-0799 2 Ipswitch, Progress 2 Whatsup Gold, Whatsup Gold 2025-04-03 5.0 MEDIUM N/A
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".
CVE-2001-1280 1 Ipswitch 1 Imail 2025-04-03 5.0 MEDIUM N/A
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
CVE-2006-2356 1 Ipswitch 1 Whatsup Professional 2025-04-03 5.0 MEDIUM N/A
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.
CVE-2001-1282 1 Ipswitch 1 Imail 2025-04-03 5.0 MEDIUM N/A
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
CVE-2005-1254 1 Ipswitch 1 Imail 2025-04-03 5.0 MEDIUM N/A
Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument.
CVE-2001-1284 1 Ipswitch 1 Imail 2025-04-03 7.5 HIGH N/A
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
CVE-2006-4379 1 Ipswitch 3 Imail Plus, Imail Secure Server, Ipswitch Collaboration Suite 2025-04-03 7.5 HIGH N/A
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.
CVE-2004-0297 1 Ipswitch 1 Imail 2025-04-03 10.0 HIGH N/A
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.
CVE-2004-1848 2 Ipswitch, Progress 2 Ws Ftp Server, Ws Ftp Server 2025-04-03 5.0 MEDIUM N/A
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.
CVE-2000-0839 1 Ipswitch 1 Wincom Lpd 2025-04-03 5.0 MEDIUM N/A
WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515).
CVE-2004-2401 1 Ipswitch 1 Imail Express 2025-04-03 7.5 HIGH N/A
Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."
CVE-2002-1851 1 Ipswitch 1 Ws Ftp Pro 2025-04-03 7.5 HIGH N/A
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.
CVE-2006-2352 1 Ipswitch 1 Whatsup Professional 2025-04-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-1250 1 Ipswitch 1 Whatsup 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
CVE-2006-2531 1 Ipswitch 1 Whatsup 2025-04-03 7.5 HIGH N/A
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
CVE-2001-1281 1 Ipswitch 1 Imail 2025-04-03 5.0 MEDIUM N/A
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
CVE-2000-0301 1 Ipswitch 1 Imail 2025-04-03 5.0 MEDIUM N/A
Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.
CVE-2000-0019 1 Ipswitch 1 Imail 2025-04-03 2.1 LOW N/A
IMail POP3 daemon uses weak encryption, which allows local users to read files.
CVE-2004-1884 2 Ipswitch, Progress 3 Ws Ftp Pro, Ws Ftp Server, Ws Ftp Server 2025-04-03 7.5 HIGH N/A
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.