VYPR

Vendor CVEs

Ipswitch, Inc.

All CVEs

158 total · sorted by risk
  • CVE-2021-38159 · Aug 7, 2021
    risk 0.00 · cvss · epss 0.02

    In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL…

  • CVE-2021-37614 · Aug 5, 2021
    risk 0.00 · cvss · epss 0.01

    In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server,…

  • CVE-2021-33894 · Jun 9, 2021
    risk 0.00 · cvss · epss 0.01

    In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in…

  • CVE-2021-31827 · May 18, 2021
    risk 0.00 · cvss · epss 0.01

    In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL,…

  • CVE-2020-28647 · Nov 17, 2020
    risk 0.00 · cvss · epss 0.01

    In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's…

  • CVE-2020-8612 · Feb 14, 2020
    risk 0.00 · cvss · epss 0.02

    In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS.

  • CVE-2020-8611 · Feb 14, 2020
    risk 0.00 · cvss · epss 0.01

    In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending…

  • CVE-2019-18464 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.02

    In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the…

  • CVE-2019-18465 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.01

    In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL…

  • CVE-2019-12145 · Jun 11, 2019
    risk 0.00 · cvss · epss 0.05

    A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system.

  • CVE-2019-12144 · Jun 11, 2019
    risk 0.00 · cvss · epss 0.03

    An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a…

  • CVE-2019-12143 · Jun 11, 2019
    risk 0.00 · cvss · epss 0.02

    A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.

  • CVE-2011-1430 · Mar 16, 2011
    risk 0.00 · cvss · epss 0.03

    The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in…

  • CVE-2008-5693 · Dec 19, 2008
    risk 0.00 · cvss · epss 0.03

    Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.

  • CVE-2008-0946 · Feb 25, 2008
    risk 0.00 · cvss · epss 0.04

    Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.

  • CVE-2008-0608 · Feb 6, 2008
    risk 0.00 · cvss · epss 0.06

    The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log…

  • CVE-2007-4345 · Oct 31, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message.

  • CVE-2007-4555 · Aug 28, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can…

  • CVE-2007-3926 · Jul 21, 2007
    risk 0.00 · cvss · epss 0.03

    Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."

  • CVE-2007-2602 · May 11, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with…

  • CVE-2007-2213 · Apr 24, 2007
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."

  • CVE-2007-1637 · Mar 23, 2007
    risk 0.00 · cvss · epss 0.06

    Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in…

  • CVE-2007-0666 · Feb 2, 2007
    risk 0.00 · cvss · epss 0.02

    Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.

  • CVE-2007-0665 · Feb 2, 2007
    risk 0.00 · cvss · epss 0.03

    Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command.

  • CVE-2007-0330 · Jan 18, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.

  • CVE-2006-3552 · Jul 13, 2006
    risk 0.00 · cvss · epss 0.02

    Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows…

  • CVE-2006-2357 · May 15, 2006
    risk 0.00 · cvss · epss 0.04

    Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp.

  • CVE-2006-2355 · May 15, 2006
    risk 0.00 · cvss · epss 0.04

    Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2006-2356 · May 15, 2006
    risk 0.00 · cvss · epss 0.06

    NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.

  • CVE-2006-2354 · May 15, 2006
    risk 0.00 · cvss · epss 0.04

    NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2006-2352 · May 15, 2006
    risk 0.00 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. …

  • CVE-2006-2353 · May 15, 2006
    risk 0.00 · cvss · epss 0.03

    NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters.

  • CVE-2005-2931 · Dec 7, 2005
    risk 0.00 · cvss · epss 0.05

    Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands.

  • CVE-2005-1249 · May 25, 2005
    risk 0.00 · cvss · epss 0.05

    The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.

  • CVE-2005-1254 · May 25, 2005
    risk 0.00 · cvss · epss 0.05

    Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument.

  • CVE-2005-0707 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command.

  • CVE-2004-2423 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.05

    Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content."

  • CVE-2004-2401 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."

  • CVE-2004-1885 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.04

    Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.

  • CVE-2004-0799 · Oct 20, 2004
    risk 0.00 · cvss · epss 0.06

    The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".

  • CVE-2004-1884 · Mar 23, 2004
    risk 0.00 · cvss · epss 0.06

    Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.

  • CVE-2002-1851 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.

  • CVE-2001-1211 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.03

    Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an…

  • CVE-2001-1286 · Oct 12, 2001
    risk 0.00 · cvss · epss 0.04

    Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.

  • CVE-2001-1285 · Oct 12, 2001
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.

  • CVE-2001-1282 · Oct 12, 2001
    risk 0.00 · cvss · epss 0.02

    Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.

  • CVE-2001-1283 · Oct 12, 2001
    risk 0.00 · cvss · epss 0.04

    The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due…

  • CVE-2001-1284 · Oct 12, 2001
    risk 0.00 · cvss · epss 0.02

    Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.

  • CVE-2001-1280 · Oct 12, 2001
    risk 0.00 · cvss · epss 0.02

    POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.

  • CVE-2001-1281 · Oct 12, 2001
    risk 0.00 · cvss · epss 0.02

    Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.