7 matches found
CVE-2006-2357
CVE-2006-2357 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. The vulnerability allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp, leading to partial confidentiality impact. The NVD entry lists a Netw...
CVE-2006-2353
CVE-2006-2353 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. NmConsole/DeviceSelection.asp allows remote redirection to other websites via the sCancelURL and possibly the sRedirectUrl parameters, indicating improper input validation in the web interface. The vul...
CVE-2006-2351
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium are affected by multiple cross-site scripting (XSS) vulnerabilities. The XSS can be triggered via the following parameters: (1) sDeviceView or (2) nDeviceID to NmConsole/Navigation.asp, and (3) sHostname to NmConsole/ToolRes...
CVE-2006-2355
The CVE-2006-2355 entry concerns Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. Public sources state a path-information disclosure via 404 error messages, enabling remote attackers to obtain full path details. OpenVAS/Nessus entries corroborate that Ipswitch WhatsUp Pro...
CVE-2006-2352
CVE-2006-2352 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. The vulnerability is due to cross-site scripting (XSS) in NmConsole/Tools.asp and NmConsole/DeviceSelection.asp, allowing remote attackers to inject arbitrary web script or HTML. The connected document...
CVE-2006-2356
CVE-2006-2356 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. The issue resides in NmConsole/utility/RenderMap.asp, where a modified nDeviceGroupID parameter can cause remote information disclosure about network nodes. The associated CVSSv2 score is 5.0 (MEDIUM) ...
CVE-2006-2354
CVE-2006-2354 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. NmConsole/Login.asp generates different error messages that enable remote attackers to enumerate valid usernames. Root cause is information-disclosing behavior in login error handling. CVSS 2.0 base sc...