Filtered by vendor Ipswitch
Subscribe
Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0799 | 2 Ipswitch, Progress | 2 Whatsup Gold, Whatsup Gold | 2024-08-27 | 5.0 MEDIUM | N/A |
| The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm". | |||||
| CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2024-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2004-1848 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2023-10-11 | 5.0 MEDIUM | N/A |
| Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. | |||||
| CVE-2006-4847 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2023-10-11 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. | |||||
| CVE-2004-1884 | 2 Ipswitch, Progress | 3 Ws Ftp Pro, Ws Ftp Server, Ws Ftp Server | 2023-10-11 | 7.5 HIGH | N/A |
| Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. | |||||
| CVE-2006-5001 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2023-10-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | |||||
| CVE-1999-1171 | 2 Ipswitch, Progress | 2 Imail, Ws Ftp Server | 2023-10-11 | 4.6 MEDIUM | N/A |
| IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | |||||
| CVE-2003-0772 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2023-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. | |||||
| CVE-2006-5000 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2023-10-11 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | |||||
| CVE-1999-1170 | 2 Ipswitch, Progress | 2 Imail, Ws Ftp Server | 2023-10-11 | 4.6 MEDIUM | N/A |
| IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | |||||
| CVE-2000-0019 | 1 Ipswitch | 1 Imail | 2022-08-17 | 2.1 LOW | N/A |
| IMail POP3 daemon uses weak encryption, which allows local users to read files. | |||||
| CVE-2019-16383 | 1 Ipswitch | 1 Moveit Transfer | 2020-04-14 | 7.5 HIGH | 9.4 CRITICAL |
| MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection. | |||||
| CVE-2019-18464 | 1 Ipswitch | 1 Moveit Transfer | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database. | |||||
| CVE-2019-18465 | 1 Ipswitch | 1 Moveit Transfer | 2019-11-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used. | |||||
| CVE-2019-12146 | 1 Ipswitch | 1 Ws Ftp Server | 2019-06-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory. | |||||
| CVE-2019-12144 | 1 Ipswitch | 1 Ws Ftp Server | 2019-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature. | |||||
| CVE-2019-12145 | 1 Ipswitch | 1 Ws Ftp Server | 2019-06-12 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system. | |||||
| CVE-2005-3526 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2018-10-19 | 6.5 MEDIUM | N/A |
| Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. | |||||
| CVE-2006-2531 | 1 Ipswitch | 1 Whatsup | 2018-10-18 | 7.5 HIGH | N/A |
| Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | |||||
| CVE-2006-0911 | 1 Ipswitch | 1 Whatsup | 2018-10-18 | 5.0 MEDIUM | N/A |
| NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. | |||||