Ipswitch IMail SMTP Server code execution

Stack buffer overflow on oversized hostname string within characters '@' and ':'...

Ipswitch IMail Server SMTP Service Crafted RCPT String Remote Overflow

The remote host is running Ipswitch Collaboration Suite / IMail Secure Server / IMail Server, commercial messaging and collaboration suites for Windows. According to its banner, the version of Ipswitch Collaboration Suite / IMail Secure Server / IMail Server installed on the remote host has a...

WhatsUp Gold _maincfgret.cgi instancename buffer overflow

Added: 09/08/2006 CVE: CVE-2004-0798 BID: 11043 OSVDB: 9177 Background WhatsUp Professional formerly WhatsUp Gold is a network mapping and monitoring tool. Problem A buffer overflow in the WhatsUp Gold web interface allows remote command execution by requesting maincfgret.cgi with a long...

Ipswitch IMail Server RCPT String Remote Overflow

Binary data 3738.prm...

[SA21795] Ipswitch IMail Server SMTP Service Unspecified Vulnerability

TITLE: Ipswitch IMail Server SMTP Service Unspecified Vulnerability SECUNIA ADVISORY ID: SA21795 VERIFY ADVISORY: http://secunia.com/advisories/21795/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/...

CVE-2006-3552

Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use...

CVE-2006-3552

Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use...

CVE-2006-3552

Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium are affected. Using a specific .dat file in the StarEngine /data directory up to 20060630 or earlier prevents proper reception and implementation of bullet signature updates, enabling context-dependent attackers to misuse the ...

Update Protection against Ipswitch WhatsUp Professional 2006 Multiple Vulnerabilities

WhatsUp is a tool from Ipswitch that monitors application and network. WhatsUp runs a custom web server for the application Web interface on port 8022. Multiple flaws have been identified in the server including XSS vulnerabilities, page redirection via cross site scripting and header spoofing...

CVE-2006-2531

Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole"...

Authentication flaw

Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole"...

CVE-2006-2531

CVE-2006-2531 affects Ipswitch WhatsUp Professional (2006). The flaw enables an unauthenticated remote attacker to bypass authentication by spoofing HTTP headers, specifically setting User-Agent to “Ipswitch/1.0” and User-Application to “NmConsole.” The root cause is that authentication relies on...

CVE-2006-2531

Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole"...

ipswitchXSS.txt

WhatsUp is a tool from Ipswitch to monitor application and network, embedding a custom web server on port 8022. Description: This custom web server is prone to multiple flaws. -as authenticated user: src disclosure http://server:8022/NmConsole/Login.asp. there are many XSS flaws, as...

Ipswitch WhatsUp Professional Crafted Header Authentication Bypass

The remote host is running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host allows an attacker to bypass authentication with a specially crafted request. %NASLMINLEVEL 70300 C Tenab...

Ipswitch WhatsUp Professional 2006 - Authentication Bypass

Ipswitch WhatsUp Professional 2006 - Authentication Bypass source: https://www.securityfocus.com/bid/18019/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. This issue allows remote attackers to gain administrative access to the web-based...

Ipswitch WhatsUp Professional 2006 - Authentication Bypass

source: https://www.securityfocus.com/bid/18019/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. This issue allows remote attackers to gain administrative access to the web-based administrative interface of the application. This will aid them...

IPSwitch What's Up administration authentication bypass

It's possible to bypass authentication by adding User-Application: NmConsole header...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in 1 NmConsole/Tools.asp and 2 NmConsole/DeviceSelection.asp. NOTE: the provenance of thi...

Design/Logic Flaw

NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter...