CVE-2019-12146

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized director...

CVE-2019-12146

CVE-2019-12146 affects Progress Ipswitch WS_FTP Server 2018 before 8.6.1. Vulnerable component: SSHServerAPI.dll; SCP listener flaw allows crafted strings to write files and create directories outside the authorized directory. Attack surface is network-exposed; impact includes potential unauthori...

CVE-2019-12145

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system...

CVE-2019-12145

CVE-2019-12145 affects Progress IPSwitch WS_FTP Server 2018 up to version 8.6.0. The flaw resides in SSHServerAPI.dll, allowing a directory-traversal via crafted strings sent over SCP, enabling an attacker to disclose pathnames on the host operating system. The vulnerability is a path-disclosure ...

CVE-2019-12144

CVE-2019-12144 affects Progress IPSwitch WS_FTP Server 2018 (before 8.6.1). The issue is in SSHServerAPI.dll and enables path traversal via SCP, with potential remote code execution by crafting a payload that abuses the SITE command feature. Multiple connected sources (NVD entry, CNVD entry, PRIO...

CVE-2019-12144

An issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses th...

CVE-2019-12143

CVE-2019-12143 affects Progress IPswitch WS_FTP Server (Windows) prior to 8.6.1. The vulnerability is a directory traversal in SSHServerAPI.dll that an attacker can trigger via SCP protocol by supplying specially crafted strings to disclose WS_FTP usernames and filenames. The issue impacts the SC...

CVE-2019-12143

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WSFTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WSFTP usernames as well as filenames...

Ipswitch WhatsUp Gold Code Injection Vulnerability

Ipswitch WhatsUp Gold is a suite of unified infrastructure and application monitoring software from Ipswitch USA. The software supports management of network, server, virtual environment and application performance, among other things. A code injection vulnerability exists in the...

CVE-2018-8939

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 18.0. Malicious actors can submit specially crafted requests via the NmAPI executable to 1 gain unauthorized access to the WhatsUp Gold system, 2 obtain information about the WhatsUp Gold system, or 3 execute remote...

Code injection

A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 18.0. Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server...

Server side request forgery (ssrf)

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 18.0. Malicious actors can submit specially crafted requests via the NmAPI executable to 1 gain unauthorized access to the WhatsUp Gold system, 2 obtain information about the WhatsUp Gold system, or 3 execute remote...

CVE-2018-8939

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 18.0. Malicious actors can submit specially crafted requests via the NmAPI executable to 1 gain unauthorized access to the WhatsUp Gold system, 2 obtain information about the WhatsUp Gold system, or 3 execute remote...

CVE-2018-8938

A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 18.0. Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server...

CVE-2018-8938

A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 18.0. Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server...

CVE-2018-8939

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 18.0. Malicious actors can submit specially crafted requests via the NmAPI executable to 1 gain unauthorized access to the WhatsUp Gold system, 2 obtain information about the WhatsUp Gold system, or 3 execute remote...

CVE-2018-8939

CVE-2018-8939 describes a Server-Side Request Forgery (SSRF) in NmAPI.exe of Ipswitch WhatsUp Gold, affecting versions prior to 18.0. An attacker can submit specially crafted requests via NmAPI.exe to gain unauthorized access, obtain information about the WhatsUp Gold system, or execute remote co...

CVE-2018-8938

A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 18.0. Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server...

CVE-2018-8938

Ipswitch WhatsUp Gold before 18.0 is affected by a Code Injection vulnerability in DlgSelectMibFile.asp. A specially crafted SNMP MIB file can cause arbitrary command/code execution on the WhatsUp Gold server. Affected: WhatsUp Gold versions prior to 18.0. Root cause: errors in code generation/ha...

PT-2018-1307 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions prior to 18.0 Description: A Code Injection issue was discovered in DlgSelectMibFile.asp, related to errors in code generation management. This issue allows malicious actors to inject a specially crafted SNMP MI...