1010 matches found
CVE-2015-7680
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...
CVE-2015-7679
Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/...
CVE-2015-7679
CVE-2015-7679 is a Cross-Site Scripting (XSS) vulnerability in Ipswitch MOVEit Mobile prior to version 1.2.2. The issue allows an attacker to inject arbitrary script/HTML via the query string to the mobile/ endpoint. Connected sources specify MOVEit Mobile affected versions include 1.2.0.962 and ...
CVE-2015-7675
The CVE-2015-7675 issue affects Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2. It stems from improper authorization checks in the Send as attachment workflow: an authenticated attacker can supply a valid FileID via serverFileIds (mobile/sendMsg) or arg01 (human.aspx) to bypass aut...
Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Scripting
Profundis Labs - Security Advisory. Vulnerability Title: Missing input validation vulnerability Reflected XSS. Vendor: Ipswitch, Inc, http://www.ipswitchft.com. Product: MOVEit File Transfer. MOVEit is an automated file transfer system that lets you manage, view,...
Ipswitch MOVEit DMZ 8.1 Authorization Bypass
Profundis Labs - Security Advisory. Vulnerability Title: A security issue in MOVEit web and mobile application allows for unauthorized access to arbitrary files and documents. Vendor: Ipswitch, Inc, http://www.ipswitchft.com. Product: MOVEit File Transfer. MOVEit is a...
Ipswitch MOVEit DMZ 8.1 Information Disclosure
Profundis Labs - Security Advisory. Vulnerability Title: Enumeration of existing usernames. Vendor: Ipswitch, Inc, http://www.ipswitchft.com. Product: MOVEit File Transfer. MOVEit is an automated file transfer system that lets you manage, view, secure, and control all...
Ipswitch MOVEit DMZ 8.1 File ID Enumeration
Profundis Labs - Security Advisory. Vulnerability Title: A security issue in MOVEit application allows the enumeration of existing FileIDs. CVE-2015-7677. Vendor: Ipswitch, Inc, http://www.ipswitchft.com. Product: MOVEit File Transfer. MOVEit is an automated file...
Ipswitch MOVEit DMZ 8.1 Persistent Cross Site Scripting
Profundis Labs - Security Advisory. Vulnerability Title: Persistent Cross-Site-Scripting (XSS) vulnerability by file upload due to insecure default configuration. Vendor: Ipswitch, Inc, http://www.ipswitchft.com. Product: MOVEit File Transfer. MOVEit is an automated fi...
Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Request Forgery
Profundis Labs - Security Advisory. Vulnerability Title: MOVEit Filetransfer Cross Site Request Forgery Vulnerability. CVE-2015-7678. Vendor: Ipswitch, Inc, http://www.ipswitchft.com. Product: MOVEit File Transfer. MOVEit is an automated file transfer system that lets...
Ipswitch WhatsUp Gold < 16.4 Multiple Vulnerabilities
The remote host has a version of Ipswitch WhatsUp Gold installed that is prior to 16.4.0. It is, therefore, affected by the following vulnerabilities: - Multiple SQL injection vulnerabilities exist due to improper sanitization of user-supplied input to the 'sUniqueID' parameter and the 'find...
WhatsUp Gold 16.3 Remote Code Execution
Exploit Title: WhatsUp Gold v16.3 Unauthenticated Remote Code Execution Date: 2016-01-13 Exploit Author: Matt Buzanowski Vendor Homepage: http://www.ipswitch.com/ Version: 16.3.x Tested on: Windows 7 x86 CVE : CVE-2015-8261 Usage: python DroneDeleteOldMeasurements.py import requests import sys...
WhatsUp Gold 16.3 - Remote Code Execution
Exploit Title: WhatsUp Gold v16.3 Unauthenticated Remote Code Execution Date: 2016-01-13 Exploit Author: Matt Buzanowski Vendor Homepage: http://www.ipswitch.com/ Version: 16.3.x Tested on: Windows 7 x86 CVE : CVE-2015-8261 Usage: python...
WhatsUp Gold 16.3 - Unauthenticated Remote Code Execution
Exploit for asp platform in category web applications Exploit Title: WhatsUp Gold v16.3 Unauthenticated Remote Code Execution Date: 2016-01-13 Exploit Author: Matt Buzanowski Vendor Homepage: http://www.ipswitch.com/ Version: 16.3.x Tested on: Windows 7 x86 CVE : CVE-2015-8261 Usage: python...
Ipswitch WhatsUp Gold SQL injection Vulnerability (CVE-2015-8261) - vulnerability warning - the black bar safety net
Affected system: Ipswitch WhatsUp Gold < 16.4 Description: CVE(CAN) ID: CVE-2015-8261 WhatsUp Gold offers a complete easy-to-use monitoring mechanism for comprehensive monitoring of application services and network equipment, and assist IT managers the network management information into a...
CVE-2015-8261
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request...
SQL injection
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request...
CVE-2015-8261
Ipswitch WhatsUp Gold before 16.4 is vulnerable to SQL injection via the DroneDeleteOldMeasurements SOAP handler, caused by improper validation of serialized XML objects. A remote attacker can craft a SOAP request to inject/manipulate SQL in the back-end database, potentially exposing or altering...
CVE-2015-8261
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request...
PT-2016-1000 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions prior to 16.4 Description: The issue is related to the DroneDeleteOldMeasurements implementation, which does not properly validate serialized XML objects. This allows remote attackers to conduct SQL injection...