Ipswitch Whatsup Professional vulnerabilities
7 known vulnerabilities affecting ipswitch/whatsup_professional.
Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM7
Vulnerabilities
Page 1 of 1
CVE-2006-2351P4MEDIUMCVSS 4.3PoCv2006v2006_premium2006-05-15
CVE-2006-2351 [MEDIUM] CWE-79 CVE-2006-2351: Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsU
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.
nvd
CVE-2006-2357P4MEDIUMCVSS 5.0v2006v2006_premium2006-05-15
CVE-2006-2357 [MEDIUM] CVE-2006-2357: Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp.
nvd
CVE-2006-2356P4MEDIUMCVSS 5.0v20062006-05-15
CVE-2006-2356 [MEDIUM] CWE-200 CVE-2006-2356: NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.
nvd
CVE-2006-2354P4MEDIUMCVSS 5.0v2006v2006_premium2006-05-15
CVE-2006-2354 [MEDIUM] CVE-2006-2354: NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Pre
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2006-2353P4MEDIUMCVSS 5.0v2006v2006_premium2006-05-15
CVE-2006-2353 [MEDIUM] CWE-264 CVE-2006-2353: NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Pr
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters.
nvd
CVE-2006-2352P4MEDIUMCVSS 4.3v2006v2006_premium2006-05-15
CVE-2006-2352 [MEDIUM] CVE-2006-2352: Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsU
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely
nvd
CVE-2006-2355P4MEDIUMCVSS 5.0v2006v2006_premium2006-05-15
CVE-2006-2355 [MEDIUM] CVE-2006-2355: Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote atta
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd