ReportizFlow
Filtered by vendor Ipswitch
Subscriptions
Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1284 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users. | ||||
| CVE-2006-2353 | 1 Ipswitch | 1 Whatsup Professional | 2026-04-16 | N/A |
| NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. | ||||
| CVE-2006-2356 | 1 Ipswitch | 1 Whatsup Professional | 2026-04-16 | N/A |
| NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | ||||
| CVE-1999-1046 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181. | ||||
| CVE-2000-0780 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. | ||||
| CVE-2002-1076 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. | ||||
| CVE-2001-1211 | 1 Ipswitch | 1 Imail | 2026-04-16 | N/A |
| Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. | ||||
| CVE-2004-0799 | 2 Ipswitch, Progress | 2 Whatsup Gold, Whatsup Gold | 2026-04-16 | N/A |
| The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm". | ||||
| CVE-2017-12639 | 1 Ipswitch | 1 Imail Server | 2025-04-20 | N/A |
| Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED. | ||||
| CVE-2017-16513 | 1 Ipswitch | 1 Ws Ftp | 2025-04-20 | N/A |
| Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. | ||||
| CVE-2017-6195 | 1 Ipswitch | 2 Moveit Dmz, Moveit Transfer 2017 | 2025-04-20 | N/A |
| Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20. | ||||
| CVE-2017-12638 | 1 Ipswitch | 1 Imail Server | 2025-04-20 | N/A |
| Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE. | ||||
| CVE-2015-7675 | 1 Ipswitch | 2 Moveit Dmz, Moveit Mobile | 2025-04-12 | N/A |
| The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx. | ||||
| CVE-2014-3878 | 1 Ipswitch | 1 Imail Server | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. | ||||
| CVE-2015-7679 | 1 Ipswitch | 1 Moveit Mobile | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/. | ||||
| CVE-2015-7678 | 1 Ipswitch | 1 Moveit Mobile | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2015-7677 | 1 Ipswitch | 1 Moveit Dmz | 2025-04-12 | N/A |
| The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll. | ||||
| CVE-2015-7676 | 1 Ipswitch | 1 Moveit Dmz | 2025-04-12 | N/A |
| Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files. | ||||
| CVE-2015-7680 | 1 Ipswitch | 1 Moveit Dmz | 2025-04-12 | N/A |
| Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx. | ||||
| CVE-2011-4722 | 1 Ipswitch | 1 Tftp Server | 2025-04-12 | N/A |
| Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation. | ||||