1010 matches found
CVE-2024-8785
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch...
CVE-2024-8785
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch...
CVE-2024-8785
CVE-2024-8785 affects Progress WhatsUp Gold pre-2024.0.1. The vulnerability stems from NmAPI.exe enabling remote unauthenticated actors to create or modify a registry value at HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch, potentially enabling remote code execution. Connected documents confirm...
CVE-2024-8785 WhatsUp Gold Registry Overwrite Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch...
PT-2024-39990
Name of the Vulnerable Software and Affected Versions WS FTP Server versions prior to 8.8.9 Description The issue is related to an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing users to bypass the second-factor verification and log in using only the...
Progress / Ipswitch WhatsUp Gold Detection Consolidation
Consolidation of Progress / Ipswitch WhatsUp Gold detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if...
Progress Software Ipswitch WS_FTP Server 安全漏洞
Progress Software Ipswitch WSFTP Server is a suite of FTP server software from Progress Software, Inc. that provides file transfer control, transfer encryption, and other features. A security vulnerability exists in Progress Software Ipswitch WSFTP Server versions prior to 8.8.8. An attacker can...
PT-2024-38553 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8.8 Description: A missing critical step in the multi-factor authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...
PT-2024-9449 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.1 Description: A remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in the registry path HKEY LOCAL MACHINESOFTWAREWOW6432NodeIpswitch. This could allo...
Progress MOVEit Transfer 2017 < 9.0.0.201, Ipswitch MOVEit DMZ < 8.2 / 8.2 < 8.2.0.20 / 8.3 < 8.3.0.30 SQL Injection (CVE-2017-6195)
The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by a pre-authentication blind SQL injection vulnerability as referenced in Progress Community article 000192008. - Ipswitch MOVEit Transfer formerly DMZ allows pre-authentication blind...
Ipswitch MOVEit DMZ < 2024.0.0 (16_0_0)
The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 2024.0.0. It is, therefore, affected by a vulnerability as referenced in the 000258478 advisory. - The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficie...
PT-2023-5770 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.7.4 and 8.8.2 Description: A directory traversal vulnerability was discovered in WS FTP Server, allowing an attacker to perform file operations such as delete, rename, rmdir, and mkdir on files and folders...
CVE-2023-34362 – MOVEit Transfer – An attack chain that retrieves sensitive information
MOVEit Transfer is a popular secure file transfer solution developed by Progress, a subsidiary of Ipswitch. At the moment, there are more than 2,500 MOVEit Transfer servers that are accessible from the internet, according to Shodan. On May 31, 2023, Progress released a security advisory affecting...
Cross site scripting
Progress Ipswitch MoveIT 1.1.11 was discovered to contain a cross-site scripting XSS vulenrability via the API authentication function...
CVE-2023-30394
The CVE-2023-30394 entry concerns MoveIt framework 1.1.11 for ROS, where an XSS vulnerability exists in the API authentication function. The issue is widely referenced across multiple feeds, and one source (PT-2023-22669) provides a practical workaround: disable the API authentication function an...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
CVE-2022-27665
Summary (CVE-2022-27665): Progress Ipswitch WS_FTP Server 8.6.0 is affected by a reflected XSS vulnerability via AngularJS sandbox escape expressions, allowing an attacker to trigger client-side code by submitting crafted input in the subdirectory search bar or Add folder filename fields. The iss...
Progress ipswitch WS_FTP Server 跨站脚本漏洞
Progress ipswitch WSFTP Server is an FTP server software. A security vulnerability exists in Progress ipswitch WSFTP Server version 8.6.0 that originates from improper handling of user-supplied input. An attacker could exploit the vulnerability to execute malicious code and commands on the client...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...