5 matches found
Ipswitch WhatsUp Web Interface SQL Injection (CVE-2005-1250)
WhatsUp Professional 2005 is a network monitoring and resource management solution. WhatsUp Professional uses a relational database to store the information about user accounts and network devices that are monitored by the application. The relational databases supported by WhatsUp Professional ar...
CVE-2005-1938
CVE-2005-1938 is a duplicate of CVE-2005-1250; this entry has been superseded. The connected advisory data describe a SQL injection in Ipswitch WhatsUp Professional 2005 SP1/Web login (NmConsole/Login.asp) that allows remote execution of arbitrary SQL via the sUserName or sPassword fields. The co...
CVE-2005-1690
CVE-2005-1690 is a duplicate of CVE-2005-1250. The connected docs describe a SQL injection vulnerability in Ipswitch WhatsUp Professional 2005 SP1, affecting the web front-end Login.asp (NmConsole/Login.asp) via parameters sUserName and sPassword, enabling arbitrary SQL execution and potential ad...
iDEFENSE Security Advisory 06.22.05: IpSwitch WhatsUp Professional 2005 (SP1) SQL Injection Vulnerability
IpSwitch WhatsUp Professional 2005 SP1 SQL Injection Vulnerability iDEFENSE Security Advisory 06.22.05 www.idefense.com/application/poi/display?id=268&type=vulnerabilities June 22, 2005 I. BACKGROUND WhatsUp Professional 2005 SP1 is a network management solution for small and mid sized...
CVE-2005-1250
The CVE-2005-1250 entry describes a SQL injection in Ipswitch WhatsUp Professional 2005 SP1, targeting the web front end (NmConsole/Login.asp). The vulnerability allows remote attackers to submit crafted input in the User Name (sUserName) or Password (sPassword) fields, potentially yielding arbit...