Vendor CVEs
Ipswitch, Inc.
All CVEs
158 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0944 | 0.04 | — | 0.12 | Feb 25, 2008 | Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero. | |||
| CVE-2006-2531 | 0.04 | — | 0.07 | May 22, 2006 | Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | |||
| CVE-2006-0911 | 0.04 | — | 0.16 | Feb 28, 2006 | NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving… | |||
| CVE-1999-1557 | 0.04 | — | 0.08 | May 2, 2005 | Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. | |||
| CVE-2002-1077 | 0.04 | — | 0.11 | Oct 4, 2002 | IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field. | |||
| CVE-2002-1076 | 0.04 | — | 0.14 | Oct 4, 2002 | Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. | |||
| CVE-2001-1287 | 0.04 | — | 0.10 | Oct 12, 2001 | Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||
| CVE-2000-0780 | 0.04 | — | 0.07 | Oct 20, 2000 | The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. | |||
| CVE-1999-1046 | 0.04 | — | 0.15 | Mar 1, 1999 | Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181. | |||
| CVE-2019-16383 | 0.03 | — | 0.05 | Sep 24, 2019 | MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or… | |||
| CVE-2014-3878 | 0.03 | — | 0.03 | Jun 5, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts… | |||
| CVE-2012-4344 | 0.03 | — | 0.04 | Aug 15, 2012 | Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host. | |||
| CVE-2012-2601 | 0.03 | — | 0.03 | Aug 15, 2012 | SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. | |||
| CVE-2009-4775 | 0.03 | — | 0.06 | Apr 21, 2010 | Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. | |||
| CVE-2007-5094 | 0.03 | — | 0.04 | Sep 26, 2007 | Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line,… | |||
| CVE-2006-4974 | 0.03 | — | 0.04 | Sep 25, 2006 | Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | |||
| CVE-2006-2351 | 0.03 | — | 0.05 | May 15, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3)… | |||
| CVE-2004-1883 | 0.03 | — | 0.05 | Dec 31, 2004 | Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long… | |||
| CVE-2000-0056 | 0.03 | — | 0.06 | Jan 5, 2000 | IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. | |||
| CVE-1999-1497 | 0.03 | — | 0.01 | Dec 21, 1999 | Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts. | |||
| CVE-1999-1171 | 0.03 | — | 0.05 | Feb 2, 1999 | IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | |||
| CVE-1999-1170 | 0.03 | — | 0.04 | Jan 2, 1999 | IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | |||
| CVE-2023-35036 | 0.02 | — | 0.13 | Jun 12, 2023 | In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain… | |||
| CVE-2007-3823 | 0.02 | — | 0.25 | Jul 17, 2007 | The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. | |||
| CVE-2006-5001 | 0.02 | — | 0.32 | Sep 26, 2006 | Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on… | |||
| CVE-2023-36933 | 0.01 | — | 0.72 | Jul 5, 2023 | In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer… | |||
| CVE-2023-36932 | 0.01 | — | 0.82 | Jul 5, 2023 | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an… | |||
| CVE-2008-0945 | 0.01 | — | 0.07 | Feb 25, 2008 | Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via… | |||
| CVE-2007-3959 | 0.01 | — | 0.06 | Jul 24, 2007 | The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a… | |||
| CVE-2005-3526 | 0.01 | — | 0.07 | Dec 31, 2005 | Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. | |||
| CVE-2005-2923 | 0.01 | — | 0.11 | Dec 7, 2005 | The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. | |||
| CVE-2005-1252 | 0.01 | — | 0.13 | May 25, 2005 | Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a… | |||
| CVE-2004-1848 | 0.01 | — | 0.08 | Dec 31, 2004 | Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. | |||
| CVE-2004-2422 | 0.01 | — | 0.07 | Dec 31, 2004 | Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component. | |||
| CVE-2002-0777 | 0.01 | — | 0.10 | Aug 12, 2002 | Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter. | |||
| CVE-2000-0825 | 0.01 | — | 0.07 | Nov 14, 2000 | Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash. | |||
| CVE-2025-11235 | 0.00 | — | 0.00 | Jan 6, 2026 | Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10. | |||
| CVE-2025-13147 | 0.00 | — | 0.00 | Nov 19, 2025 | Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4. | |||
| CVE-2025-2324 | 0.00 | — | 0.00 | Mar 19, 2025 | Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before… | |||
| CVE-2024-8785 | 0.00 | — | 0.10 | Dec 2, 2024 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | |||
| CVE-2024-7744 | 0.00 | — | 0.01 | Aug 28, 2024 | In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated… | |||
| CVE-2024-6576 | 0.00 | — | 0.01 | Jul 29, 2024 | Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3. | |||
| CVE-2024-4561 | 0.00 | — | 0.00 | May 14, 2024 | In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. | |||
| CVE-2024-2291 | 0.00 | — | 0.00 | Mar 20, 2024 | In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the… | |||
| CVE-2024-0396 | 0.00 | — | 0.01 | Jan 17, 2024 | In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction… | |||
| CVE-2023-6218 | 0.00 | — | 0.01 | Nov 29, 2023 | In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members… | |||
| CVE-2023-6217 | 0.00 | — | 0.01 | Nov 29, 2023 | In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft… | |||
| CVE-2023-42656 | 0.00 | — | 0.00 | Sep 20, 2023 | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious… | |||
| CVE-2023-40043 | 0.00 | — | 0.01 | Sep 20, 2023 | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to… | |||
| CVE-2023-42660 | 0.00 | — | 0.01 | Sep 20, 2023 | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain… |
- CVE-2008-0944Feb 25, 2008risk 0.04cvss —epss 0.12
Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero.
- CVE-2006-2531May 22, 2006risk 0.04cvss —epss 0.07
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
- CVE-2006-0911Feb 28, 2006risk 0.04cvss —epss 0.16
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving…
- CVE-1999-1557May 2, 2005risk 0.04cvss —epss 0.08
Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
- CVE-2002-1077Oct 4, 2002risk 0.04cvss —epss 0.11
IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field.
- CVE-2002-1076Oct 4, 2002risk 0.04cvss —epss 0.14
Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0.
- CVE-2001-1287Oct 12, 2001risk 0.04cvss —epss 0.10
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
- CVE-2000-0780Oct 20, 2000risk 0.04cvss —epss 0.07
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
- CVE-1999-1046Mar 1, 1999risk 0.04cvss —epss 0.15
Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.
- CVE-2019-16383Sep 24, 2019risk 0.03cvss —epss 0.05
MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or…
- CVE-2014-3878Jun 5, 2014risk 0.03cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts…
- CVE-2012-4344Aug 15, 2012risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.
- CVE-2012-2601Aug 15, 2012risk 0.03cvss —epss 0.03
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.
- CVE-2009-4775Apr 21, 2010risk 0.03cvss —epss 0.06
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.
- CVE-2007-5094Sep 26, 2007risk 0.03cvss —epss 0.04
Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line,…
- CVE-2006-4974Sep 25, 2006risk 0.03cvss —epss 0.04
Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
- CVE-2006-2351May 15, 2006risk 0.03cvss —epss 0.05
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3)…
- CVE-2004-1883Dec 31, 2004risk 0.03cvss —epss 0.05
Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long…
- CVE-2000-0056Jan 5, 2000risk 0.03cvss —epss 0.06
IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.
- CVE-1999-1497Dec 21, 1999risk 0.03cvss —epss 0.01
Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.
- CVE-1999-1171Feb 2, 1999risk 0.03cvss —epss 0.05
IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
- CVE-1999-1170Jan 2, 1999risk 0.03cvss —epss 0.04
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
- CVE-2023-35036Jun 12, 2023risk 0.02cvss —epss 0.13
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain…
- CVE-2007-3823Jul 17, 2007risk 0.02cvss —epss 0.25
The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp.
- CVE-2006-5001Sep 26, 2006risk 0.02cvss —epss 0.32
Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on…
- CVE-2023-36933Jul 5, 2023risk 0.01cvss —epss 0.72
In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer…
- CVE-2023-36932Jul 5, 2023risk 0.01cvss —epss 0.82
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an…
- CVE-2008-0945Feb 25, 2008risk 0.01cvss —epss 0.07
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via…
- CVE-2007-3959Jul 24, 2007risk 0.01cvss —epss 0.06
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a…
- CVE-2005-3526Dec 31, 2005risk 0.01cvss —epss 0.07
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.
- CVE-2005-2923Dec 7, 2005risk 0.01cvss —epss 0.11
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.
- CVE-2005-1252May 25, 2005risk 0.01cvss —epss 0.13
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a…
- CVE-2004-1848Dec 31, 2004risk 0.01cvss —epss 0.08
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.
- CVE-2004-2422Dec 31, 2004risk 0.01cvss —epss 0.07
Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component.
- CVE-2002-0777Aug 12, 2002risk 0.01cvss —epss 0.10
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.
- CVE-2000-0825Nov 14, 2000risk 0.01cvss —epss 0.07
Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.
- CVE-2025-11235Jan 6, 2026risk 0.00cvss —epss 0.00
Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10.
- CVE-2025-13147Nov 19, 2025risk 0.00cvss —epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4.
- CVE-2025-2324Mar 19, 2025risk 0.00cvss —epss 0.00
Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before…
- CVE-2024-8785Dec 2, 2024risk 0.00cvss —epss 0.10
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
- CVE-2024-7744Aug 28, 2024risk 0.00cvss —epss 0.01
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated…
- CVE-2024-6576Jul 29, 2024risk 0.00cvss —epss 0.01
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3.
- CVE-2024-4561May 14, 2024risk 0.00cvss —epss 0.00
In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.
- CVE-2024-2291Mar 20, 2024risk 0.00cvss —epss 0.00
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the…
- CVE-2024-0396Jan 17, 2024risk 0.00cvss —epss 0.01
In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction…
- CVE-2023-6218Nov 29, 2023risk 0.00cvss —epss 0.01
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members…
- CVE-2023-6217Nov 29, 2023risk 0.00cvss —epss 0.01
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft…
- CVE-2023-42656Sep 20, 2023risk 0.00cvss —epss 0.00
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious…
- CVE-2023-40043Sep 20, 2023risk 0.00cvss —epss 0.01
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to…
- CVE-2023-42660Sep 20, 2023risk 0.00cvss —epss 0.01
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain…
Page 2 of 4