CVE-2006-2354

CVE-2006-2354 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. NmConsole/Login.asp generates different error messages that enable remote attackers to enumerate valid usernames. Root cause is information-disclosing behavior in login error handling. CVSS 2.0 base sc...

CVE-2006-2356

NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter...

CVE-2006-2352

Multiple cross-site scripting XSS vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in 1 NmConsole/Tools.asp and 2 NmConsole/DeviceSelection.asp. NOTE: the provenance of thi...

CVE-2006-2356

CVE-2006-2356 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. The issue resides in NmConsole/utility/RenderMap.asp, where a modified nDeviceGroupID parameter can cause remote information disclosure about network nodes. The associated CVSSv2 score is 5.0 (MEDIUM) ...

CVE-2006-2357

CVE-2006-2357 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. The vulnerability allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp, leading to partial confidentiality impact. The NVD entry lists a Netw...

CVE-2006-2357

Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...

Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)

The remote host appears to be running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host is prone to multiple issues, including source code disclosure and cross-site scripting...

Ipswitch WhatsUp Professional 2006 - NmConsoleNavigation.asp?sDeviceView Cross-Site Scripting

Ipswitch WhatsUp Professional 2006 - NmConsoleNavigation.asp?sDeviceView Cross-Site Scripting source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-cod...

Ipswitch WhatsUp Professional multiple flaws

WhatsUp is a tool from Ipswitch to monitor application and network, embedding a custom web server on port 8022. Description: This custom web server is prone to multiple flaws. -as authenticated user: src disclosure http://server:8022/NmConsole/Login.asp. there are many XSS flaws, as...

Ipswitch WhatsUp network monitoring tool multiple security vulnerabilities

Information disclosure, crossite scripting...

Ipswitch WhatsUp Professional 2006 - NmConsoleToolResults.asp?sHostname Cross-Site Scripting

Ipswitch WhatsUp Professional 2006 - NmConsoleToolResults.asp?sHostname Cross-Site Scripting source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code...

Ipswitch WhatsUp Professional 2006 - '/NmConsole/ToolResults.asp?sHostname' Cross-Site Scripting

source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation vulnerabilities. These issues are due...

Update Protection against IPSwitch WhatsUp Professional DoS Vulnerability

IPSwitch WhatsUp Professional 2006 is a network management and monitoring tool. A vulnerability has been identified in IPSwitch WhatsUp, which could be exploited by remote attackers to cause a denial of service...

CVE-2005-3526

The CVE-2005-3526 issue affects Ipswitch Collaboration Suite’s IMAP daemon (Ipswitch IMail Server/Collaboration Suite) identified in versions 2006.02 and earlier. The vulnerability stems from a lack of bounds checking while parsing long arguments to the FETCH command, enabling remote authenticate...

CVE-2005-3526

Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command...

Ipswitch IMail Server/Collaboration Suite IMAP FETCH Command Overflow

The remote host is running Ipswitch Collaboration Suite / IMail Secure Server / IMail Server, commercial messaging and collaboration suites for Windows. According to its banner, the version of Ipswitch Collaboration Suite / IMail Secure Server / IMail Server installed on the remote host has a...

[Full-disclosure] ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability

ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-003.html March 13, 2006 -- CVE ID: CVE-2005-3526 -- Affected Vendor: Ipswitch -- Affected Products: Ipswitch Collaboration Suite 2006.02 and below -- TippingPointTM IPS Custome...

IPSwitch IMail IMAP mail server DoS

FETCH IMAP command processing DoS and code execution...

Ipswitch Collaboration Suite Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch Collaboration Suite. Authentication is required to exploit this vulnerability. This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long...

Ipswitch Multiple Products < 2006.03 IMAP FETCH Command Overflow

Binary data 3473.prm...