cbcvebase.

Ipswitch Whatsup vulnerabilities

3 known vulnerabilities affecting ipswitch/whatsup.

Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2005-1250P3HIGHCVSS 7.5PoCvprofessional_2005_sp12005-06-22
CVE-2005-1250 [HIGH] CVE-2005-1250: SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwi SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
nvd
CVE-2006-2531P3HIGHCVSS 7.5PoCvprofessional_20062006-05-22
CVE-2006-2531 [HIGH] CVE-2006-2531: Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
nvd
CVE-2006-0911P4MEDIUMCVSS 5.0PoCvprofessional_20062006-02-28
CVE-2006-0911 [MEDIUM] CWE-399 CVE-2006-0911: NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of ser NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demons
nvd
Ipswitch Whatsup vulnerabilities | cvebase