Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ProgressWhatsup Gold

10 matches found

CVE
CVEadded 2016/10/06 2:59 p.m.56 views

CVE-2016-1000000

Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection

8.8CVSS9.1AI score0.00028EPSS
CVE
CVEadded 2024/06/25 8:15 p.m.52 views

CVE-2024-5009

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.

8.4CVSS8.1AI score0.01591EPSS
CVE
CVEadded 2024/08/29 10:15 p.m.49 views

CVE-2024-6672

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.

8.8CVSS9AI score0.02804EPSS
CVE
CVEadded 2024/12/02 3:15 p.m.48 views

CVE-2024-46905

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.

8.8CVSS9.1AI score0.01117EPSS
CVE
CVEadded 2024/12/02 3:15 p.m.46 views

CVE-2024-46906

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.

8.8CVSS9.1AI score0.01205EPSS
CVE
CVEadded 2024/12/02 3:15 p.m.46 views

CVE-2024-46907

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.

8.8CVSS9.1AI score0.01205EPSS
CVE
CVEadded 2024/12/02 3:15 p.m.46 views

CVE-2024-46908

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.

8.8CVSS9.1AI score0.01273EPSS
CVE
CVEadded 2024/06/25 8:15 p.m.46 views

CVE-2024-5008

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.

8.8CVSS8.8AI score0.03309EPSS
CVE
CVEadded 2024/06/25 9:16 p.m.46 views

CVE-2024-5015

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to Admin.

8.8CVSS7.3AI score0.00118EPSS
CVE
CVEadded 2024/06/25 9:16 p.m.44 views

CVE-2024-5012

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library.

8.6CVSS8.6AI score0.01823EPSS