Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ipswitch whatsup gold vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2004-0799
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote malicious users to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".
Ipswitch Whatsup Gold 7.0
Ipswitch Whatsup Gold 8.03
Ipswitch Whatsup Gold 8.03 Hotfix 1
Ipswitch Whatsup Gold 8.0
Ipswitch Whatsup Gold 8.01
Ipswitch Whatsup Gold 7.03
Ipswitch Whatsup Gold 7.04
7.5
CVSSv2
CVE-2004-0798
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold prior to 8.03 Hotfix 1 allows remote malicious users to execute arbitrary code via a long instancename parameter.
Ipswitch Whatsup Gold 8.01
Ipswitch Whatsup Gold 8.03
Ipswitch Whatsup Gold 7.04
Ipswitch Whatsup Gold 8.0
Ipswitch Whatsup Gold 7.0
Ipswitch Whatsup Gold 7.03
2 EDB exploits
4
CVSSv2
CVE-2022-29845
In Progress Ipswitch WhatsUp Gold 21.1.0 up to and including 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
Ipswitch Whatsup Gold 22.0.0
Ipswitch Whatsup Gold 21.1.0
Ipswitch Whatsup Gold 21.1.1
5
CVSSv2
CVE-2022-29846
In Progress Ipswitch WhatsUp Gold 16.1 up to and including 21.1.1, and 22.0.0, it is possible for an unauthenticated malicious user to obtain the WhatsUp Gold installation serial number.
Ipswitch Whatsup Gold 22.0.0
Ipswitch Whatsup Gold
5
CVSSv2
CVE-2022-29847
In Progress Ipswitch WhatsUp Gold 21.0.0 up to and including 21.1.1, and 22.0.0, it is possible for an unauthenticated malicious user to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.
Ipswitch Whatsup Gold 22.0.0
Ipswitch Whatsup Gold
4
CVSSv2
CVE-2022-29848
In Progress Ipswitch WhatsUp Gold 17.0.0 up to and including 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.
Ipswitch Whatsup Gold
Ipswitch Whatsup Gold 22.0.0
7.5
CVSSv2
CVE-2018-8938
A Code Injection issue exists in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold prior to 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.
Ipswitch Whatsup Gold
7.5
CVSSv2
CVE-2018-8939
An SSRF issue exists in NmAPI.exe in Ipswitch WhatsUp Gold prior to 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3...
Ipswitch Whatsup Gold
6.5
CVSSv2
CVE-2015-6004
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold prior to 16.4 allow remote malicious users to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
Ipswitch Whatsup Gold
7.5
CVSSv2
CVE-2018-5777
An issue exists in Ipswitch WhatsUp Gold prior to 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow malicious users to execute arbitrary commands on the TFTP server via unspecified vectors.
Ipswitch Whatsup Gold
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »