3 matches found
CVE-2006-2531
CVE-2006-2531 affects Ipswitch WhatsUp Professional (2006). The flaw enables an unauthenticated remote attacker to bypass authentication by spoofing HTTP headers, specifically setting User-Agent to “Ipswitch/1.0” and User-Application to “NmConsole.” The root cause is that authentication relies on...
CVE-2005-1250
The CVE-2005-1250 entry describes a SQL injection in Ipswitch WhatsUp Professional 2005 SP1, targeting the web front end (NmConsole/Login.asp). The vulnerability allows remote attackers to submit crafted input in the User Name (sUserName) or Password (sPassword) fields, potentially yielding arbit...
CVE-2006-0911
CVE-2006-0911 affects Ipswitch WhatsUp Professional 2006. The vulnerable component is NmService.exe handling requests to Login.asp. The underlying issue is triggered by crafted requests that use the parameters (1) "In]" and (2) "b;tnLogIn", or (3) malformed btnLogIn, potentially involving missing...