Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:FBB149991D1DC9B42FA13F3894FD9AA1
HistorySep 08, 2006 - 12:00 a.m.

WhatsUp Gold _maincfgret.cgi instancename buffer overflow

2006-09-0800:00:00
SAINT Corporation
download.saintcorporation.com
24

0.931 High

EPSS

Percentile

99.1%

JSON

Added: 09/08/2006
CVE: CVE-2004-0798
BID: 11043
OSVDB: 9177

Background

WhatsUp Professional (formerly WhatsUp Gold) is a network mapping and monitoring tool.

Problem

A buffer overflow in the WhatsUp Gold web interface allows remote command execution by requesting **_maincfgret.cgi** with a long **instancename** parameter.

Resolution

Install WhatsUp Gold 8.03 Hotfix 1.

References

[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=133&amp;type=vulnerabilities ](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=133&type=vulnerabilities
>)

Limitations

Exploit works on Ipswitch WhatsUp Gold 8.03.

Successful exploitation requires valid user credentials with permissions to Configure Program and Configure Reports.

Note that the WhatsUp Gold installation path may affect the success of this exploit. The exploit is designed to work with the default installation path only.

Platforms

Windows

Related

saint 3
openvas 2
cve 1
nessus 1
checkpoint_advisories 1
nvd 1
packetstorm 1
securityvulns 1
cvelist 1
kaspersky 1
saint
saint
WhatsUp Gold _maincfgret.cgi instancename buffer overflow
2006-09-08 00:00:00
WhatsUp Gold _maincfgret.cgi instancename buffer overflow
2006-09-08 00:00:00
WhatsUp Gold _maincfgret.cgi instancename buffer overflow
2006-09-08 00:00:00
openvas
openvas
Whatsup Gold vulnerable CGI
2005-11-03 00:00:00
Whatsup Gold vulnerable CGI
2005-11-03 00:00:00
cve
cve
CVE-2004-0798
2004-10-20 04:00:00
nessus
nessus
Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow
2004-10-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Ipswitch WhatsUp Gold Web Server Buffer Overflow (CVE-2004-0798)
2010-02-14 00:00:00
nvd
nvd
CVE-2004-0798
2004-10-20 04:00:00
packetstorm
packetstorm
Ipswitch WhatsUp Gold 8.03 Buffer Overflow
2009-11-26 00:00:00
securityvulns
securityvulns
[Full-Disclosure] iDEFENSE Security Advisory 08.25.04: Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability
2004-08-30 00:00:00
cvelist
cvelist
CVE-2004-0798
2004-08-27 04:00:00
kaspersky
kaspersky
KLA10226 Multiple vulnerabilities in WahtsUp Gold
2004-10-20 00:00:00

0.931 High

EPSS

Percentile

99.1%

JSON
Related for SAINT:FBB149991D1DC9B42FA13F3894FD9AA1
saint3openvas2cve1nessus1checkpoint_advisories1nvd1packetstorm1securityvulns1cvelist1kaspersky1