VYPR

Vendor CVEs

Ipswitch, Inc.

All CVEs

158 total · sorted by risk
  • CVE-2015-8261CriJan 8, 2016
    risk 0.67cvss 9.8epss 0.04

    The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.

  • CVE-2018-8939CriMay 1, 2018
    risk 0.64cvss 9.8epss 0.01

    An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold…

  • CVE-2018-8938CriMay 1, 2018
    risk 0.64cvss 9.8epss 0.02

    A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.

  • CVE-2018-5778CriJan 24, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2018-5777CriJan 24, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors.

  • CVE-2017-12639CriOct 3, 2017
    risk 0.64cvss 9.8epss 0.03

    Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED.

  • CVE-2017-12638CriOct 3, 2017
    risk 0.64cvss 9.8epss 0.03

    Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE.

  • CVE-2017-6195CriMay 18, 2017
    risk 0.64cvss 9.8epss 0.02

    Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.

  • CVE-2016-1000000HigOct 6, 2016
    risk 0.57cvss 8.8epss 0.01

    Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection

  • CVE-2015-7678HigFeb 10, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2017-16513HigNov 3, 2017
    risk 0.54cvss 7.8epss 0.02

    Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.

  • CVE-2025-10932HigOct 29, 2025
    risk 0.53cvss 8.2epss 0.00

    Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module).This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16.

  • CVE-2005-2160HigJul 6, 2005
    risk 0.49cvss 7.5epss 0.02

    IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.

  • CVE-2015-6005MedDec 27, 2015
    risk 0.45cvss 6.9epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor…

  • CVE-2015-7675MedFeb 10, 2016
    risk 0.42cvss 6.5epss 0.03

    The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to…

  • CVE-2015-6004MedDec 27, 2015
    risk 0.42cvss 6.5epss 0.02

    Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.

  • CVE-2018-6545MedFeb 2, 2018
    risk 0.40cvss 6.1epss 0.02

    Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.

  • CVE-2015-7679MedFeb 10, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/.

  • CVE-2015-7676MedApr 15, 2016
    risk 0.35cvss 5.4epss 0.02

    Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.

  • CVE-2015-7680MedFeb 10, 2016
    risk 0.35cvss 5.3epss 0.02

    Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.

  • CVE-2023-34362KEVJun 2, 2023
    risk 0.29cvss epss 1.00

    In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access…

  • CVE-2015-7677MedFeb 10, 2016
    risk 0.28cvss 4.3epss 0.03

    The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.

  • CVE-2024-5806Jun 25, 2024
    risk 0.10cvss epss 0.76

    Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

  • CVE-2022-29847May 11, 2022
    risk 0.10cvss epss 0.56

    In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.

  • CVE-2007-3925Jul 21, 2007
    risk 0.10cvss epss 0.85

    Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.

  • CVE-2006-4847Sep 19, 2006
    risk 0.10cvss epss 0.85

    Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.

  • CVE-2004-1520Dec 31, 2004
    risk 0.10cvss epss 0.89

    Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command.

  • CVE-2003-0772Sep 22, 2003
    risk 0.09cvss epss 0.72

    Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.

  • CVE-1999-1551Mar 2, 1999
    risk 0.09cvss epss 0.72

    Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL.

  • CVE-2022-29848May 11, 2022
    risk 0.08cvss epss 0.04

    In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.

  • CVE-2011-4722Dec 28, 2014
    risk 0.08cvss epss 0.58

    Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.

  • CVE-2006-4379Sep 8, 2006
    risk 0.08cvss epss 0.60

    Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.

  • CVE-2005-1939Dec 31, 2005
    risk 0.08cvss epss 0.63

    Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022).

  • CVE-2004-0297Nov 23, 2004
    risk 0.08cvss epss 0.68

    Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.

  • CVE-2004-0798Oct 20, 2004
    risk 0.08cvss epss 0.63

    Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.

  • CVE-2023-36934Jul 5, 2023
    risk 0.07cvss epss 0.95

    In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated…

  • CVE-2022-29845May 11, 2022
    risk 0.07cvss epss 0.04

    In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.

  • CVE-2004-1135Jan 10, 2005
    risk 0.07cvss epss 0.50

    Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.

  • CVE-2023-35708Jun 16, 2023
    risk 0.06cvss epss 0.97

    In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain…

  • CVE-2022-29846May 11, 2022
    risk 0.06cvss epss 0.05

    In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.

  • CVE-2005-1255May 25, 2005
    risk 0.06cvss epss 0.43

    Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or…

  • CVE-2007-2795Jan 27, 2009
    risk 0.05cvss epss 0.24

    Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which…

  • CVE-2008-0590Feb 5, 2008
    risk 0.05cvss epss 0.22

    Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.

  • CVE-2007-3927Jul 21, 2007
    risk 0.05cvss epss 0.22

    Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."

  • CVE-2006-5000Sep 26, 2006
    risk 0.05cvss epss 0.64

    Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on…

  • CVE-2005-1250Jun 22, 2005
    risk 0.05cvss epss 0.21

    SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).

  • CVE-2005-1256May 25, 2005
    risk 0.05cvss epss 0.59

    Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.

  • CVE-2008-5692Dec 19, 2008
    risk 0.04cvss epss 0.08

    Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account…

  • CVE-2008-3795Aug 27, 2008
    risk 0.04cvss epss 0.15

    Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response."

  • CVE-2008-3734Aug 20, 2008
    risk 0.04cvss epss 0.14

    Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).

Page 1 of 4