1010 matches found
Path traversal
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Design/Logic Flaw
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...
CVE-2006-2351
Multiple cross-site scripting XSS vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the 1 sDeviceView or 2 nDeviceID parameter to a NmConsole/Navigation.asp or 3 sHostname parameter to b...
Code injection
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the 1 sCancelURL and possibly 2 sRedirectUrl parameters...
Information disclosure
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2006-2355
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-2357
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the 1 sDeviceView or 2 nDeviceID parameter to a NmConsole/Navigation.asp or 3 sHostname parameter to b...
CVE-2006-2353
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the 1 sCancelURL and possibly 2 sRedirectUrl parameters...
CVE-2006-2356
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter...
CVE-2006-2352
Multiple cross-site scripting XSS vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in 1 NmConsole/Tools.asp and 2 NmConsole/DeviceSelection.asp. NOTE: the provenance of thi...
CVE-2006-2354
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2006-2355
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-2351
Multiple cross-site scripting XSS vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the 1 sDeviceView or 2 nDeviceID parameter to a NmConsole/Navigation.asp or 3 sHostname parameter to b...
CVE-2006-2352
CVE-2006-2352 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. The vulnerability is due to cross-site scripting (XSS) in NmConsole/Tools.asp and NmConsole/DeviceSelection.asp, allowing remote attackers to inject arbitrary web script or HTML. The connected document...
CVE-2006-2354
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2006-2353
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the 1 sCancelURL and possibly 2 sRedirectUrl parameters...
CVE-2006-2355
The CVE-2006-2355 entry concerns Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. Public sources state a path-information disclosure via 404 error messages, enabling remote attackers to obtain full path details. OpenVAS/Nessus entries corroborate that Ipswitch WhatsUp Pro...
CVE-2006-2353
CVE-2006-2353 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. NmConsole/DeviceSelection.asp allows remote redirection to other websites via the sCancelURL and possibly the sRedirectUrl parameters, indicating improper input validation in the web interface. The vul...
CVE-2006-2351
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium are affected by multiple cross-site scripting (XSS) vulnerabilities. The XSS can be triggered via the following parameters: (1) sDeviceView or (2) nDeviceID to NmConsole/Navigation.asp, and (3) sHostname to NmConsole/ToolRes...