22 matches found
CVE-2024-5019
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges...
CVE-2024-5019 WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges...
CVE-2024-5019
CVE-2024-5019 relates to Progress/WhatsUp Gold prior to version 2023.1.3. The vulnerability is an unauthenticated Arbitrary File Read in the Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS, allowing reading of files with the iisapppool\NmConsole privileges. The affected software is Whats...
CVE-2024-5019 WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges...
CVE-2024-4884
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges...
CVE-2024-4885 WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges...
CVE-2024-4885 WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges...
CVE-2024-4884 WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges...
Ipswitch WhatsUp Professional Source Disclosure (CVE-2006-2357)
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...
Ipswitch WhatsUp Professional 2006 0 NmConsole/ToolResults.asp sHostname Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation...
IPSwitch What's Up administration authentication bypass
It's possible to bypass authentication by adding User-Application: NmConsole header...
CVE-2006-2351
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to b...
Code injection
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters...
Information disclosure
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to b...
CVE-2006-2352
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of thi...
CVE-2006-2353
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters...
CVE-2006-2351
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to b...
CVE-2006-2354
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2006-2354
CVE-2006-2354 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. NmConsole/Login.asp generates different error messages that enable remote attackers to enumerate valid usernames. Root cause is information-disclosing behavior in login error handling. CVSS 2.0 base sc...