Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
whatsup gold vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6367
In WhatsUp Gold versions released prior to 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an malicious user to craft a XSS payload and store that value within Roles. If a WhatsUp Gold user interacts with the crafted payload, the...
Progress Whatsup Gold
NA
CVE-2023-6368
In WhatsUp Gold versions released prior to 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated malicious user to enumerate information related to a registered device being monitored by WhatsUp Gold.
Progress Whatsup Gold
NA
CVE-2023-6595
In WhatsUp Gold versions released prior to 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated malicious user to enumerate ancillary credential information stored within WhatsUp Gold.
Progress Whatsup Gold
1 Github repository
NA
CVE-2022-42711
In Progress WhatsUp Gold prior to 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated malicious user to execute arbitrary code in a victim's browser.
Progress Whatsup Gold
7.5
CVSSv2
CVE-2018-8938
A Code Injection issue exists in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold prior to 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.
Ipswitch Whatsup Gold
NA
CVE-2023-35759
In Progress WhatsUp Gold prior to 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated malicious user to execute arbitrary code in a victim's browser, aka XSS.
Progress Whatsup Gold
6.5
CVSSv2
CVE-2015-6004
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold prior to 16.4 allow remote malicious users to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
Ipswitch Whatsup Gold
3.5
CVSSv2
CVE-2015-6005
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold prior to 16.4 allow remote malicious users to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow M...
Ipswitch Whatsup Gold
6.5
CVSSv2
CVE-2016-1000000
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
Ipswitch Whatsup Gold
7.5
CVSSv2
CVE-2018-5777
An issue exists in Ipswitch WhatsUp Gold prior to 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow malicious users to execute arbitrary commands on the TFTP server via unspecified vectors.
Ipswitch Whatsup Gold
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »