IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects
Overview: IPSwitch WhatsUp Gold version 16.3 does not properly validate data when deserializing XML objects sent over SOAP requests. Description: CWE-502: Deserialization of Untrusted Data - CVE-2015-8261. WhatsUp Gold version 16.3 contains a SOAP request handler named DroneDeleteOldMeasurements...
CVE-2015-6005
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow...
CVE-2015-6004
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter...
SQL injection
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow...
CVE-2015-6004
Ipswitch WhatsUp Gold prior to 16.4 is affected by CVE-2015-6004 (SQL injection) via the sUniqueID/Find Device inputs in the Reports component, enabling an authenticated remote attacker to manipulate or disclose data in the backend database. The issue is complemented by CVE-2015-6005 (stored XSS)...
CVE-2015-6005
Ipswitch WhatsUp Gold (pre-16.4) is affected by multiple XSS vulnerabilities (CVE-2015-6005) due to improper validation in various fields (e.g., SNMP OID objects, SNMP traps, View/Group/Policy/Template Libraries, System Script Library, CLI Settings, etc.). An authenticated remote attacker could i...
PT-2015-7108 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: IPSwitch WhatsUp Gold versions prior to 16.4. Description: The issue allows remote attackers to inject arbitrary web script or HTML via multiple fields, including (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Grou...
Ipswitch WhatsUp Gold Cross-Site Scripting Vulnerability
Ipswitch WhatsUp Gold is a unified suite of infrastructure and application monitoring software. IPswitch WhatsUp Gold suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, obtain sensitive information o...
Ipswitch WhatsUp Gold SQL Injection Vulnerability
Ipswitch WhatsUp Gold is a unified suite of infrastructure and application monitoring software. IPswitch WhatsUp Gold suffers from a SQL injection vulnerability. Failure to properly filter the 'UniqueID' parameter allows remote attackers to exploit the vulnerability to submit specially crafted SQ...
IPswitch WhatsUp Gold contains multiple XSS vulnerabilities and a SQLi
Overview: IPSwitch's WhatsUp Gold version 16.3, and possibly previous versions, is vulnerable to SQL injection and cross-site scripting attacks. Description: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2015-6004. The "Find Device" search field does...
Ipswitch WhatsUp Gold Directory Traversal Vulnerability
Ipswitch WhatsUp Gold is a Windows-based network monitoring application. Ipswitch WhatsUp Gold suffers from a directory traversal vulnerability that could allow a remote attacker to read arbitrary files via an RRQ operation in the file name field...
CVE-2011-4722
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation...
Directory traversal
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation...
CVE-2011-4722
CVE-2011-4722 is a directory traversal vulnerability in Ipswitch WhatsUp Gold’s TFTP Server 1.0.0.24 that allows remote attackers to read arbitrary files via a .. sequence in the Filename field of an RRQ request. Public materials describe exploitation via a Metasploit module targeting WhatsUp Gol...
IPSwitch IMAIL LDAP Overflow - Ver2 (CVE-2004-0297)
The LDAP protocol elements are encoded for exchange using ASN.1 Basic Encoding Rules (BER). Buffer overflow vulnerabilities exist in the LDAP component of IPSwitch's IMail server. The vulnerable LDAP daemon does not properly validate the content of an LDAP message. The vulnerability allows both DoS...
Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure
The remote host appears to be running Ipswitch IMail Server 11.x or 12.x older than version 12.3 and is, therefore, affected by an information disclosure vulnerability due to the included OpenSSL version. An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time...