Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
whatsup gold vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-8939
An SSRF issue exists in NmAPI.exe in Ipswitch WhatsUp Gold prior to 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3...
Ipswitch Whatsup Gold
9.8
CVSSv3
CVE-2018-8938
A Code Injection issue exists in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold prior to 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.
Ipswitch Whatsup Gold
9.8
CVSSv3
CVE-2018-5777
An issue exists in Ipswitch WhatsUp Gold prior to 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow malicious users to execute arbitrary commands on the TFTP server via unspecified vectors.
Ipswitch Whatsup Gold
9.8
CVSSv3
CVE-2018-5778
An issue exists in Ipswitch WhatsUp Gold prior to 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow malicious users to execute arbitrary SQL commands via unspecified vectors.
Ipswitch Whatsup Gold
9.8
CVSSv3
CVE-2015-8261
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold prior to 16.4 does not properly validate serialized XML objects, which allows remote malicious users to conduct SQL injection attacks via a crafted SOAP request.
Ipswitch Whatsup Gold 16.3
1 EDB exploit
9.6
CVSSv3
CVE-2022-42711
In Progress WhatsUp Gold prior to 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated malicious user to execute arbitrary code in a victim's browser.
Progress Whatsup Gold
8.8
CVSSv3
CVE-2016-1000000
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
Ipswitch Whatsup Gold
7.5
CVSSv3
CVE-2022-29847
In Progress Ipswitch WhatsUp Gold 21.0.0 up to and including 21.1.1, and 22.0.0, it is possible for an unauthenticated malicious user to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.
Ipswitch Whatsup Gold 22.0.0
Ipswitch Whatsup Gold
6.9
CVSSv3
CVE-2015-6005
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold prior to 16.4 allow remote malicious users to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow M...
Ipswitch Whatsup Gold
6.5
CVSSv3
CVE-2022-29848
In Progress Ipswitch WhatsUp Gold 17.0.0 up to and including 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.
Ipswitch Whatsup Gold
Ipswitch Whatsup Gold 22.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »