Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ipswitch Subscribe
Total 125 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1135 1 Ipswitch 1 Ws Ftp Server 2017-07-10 5.0 MEDIUM N/A
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
CVE-2004-0799 1 Ipswitch 1 Whatsup Gold 2017-07-10 5.0 MEDIUM N/A
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".
CVE-2017-6195 1 Ipswitch 2 Moveit Dmz, Moveit Transfer 2017 2017-05-26 7.5 HIGH 9.8 CRITICAL
Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.
CVE-2015-6004 1 Ipswitch 1 Whatsup Gold 2016-12-05 6.5 MEDIUM 6.5 MEDIUM
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
CVE-2015-6005 1 Ipswitch 1 Whatsup Gold 2016-12-05 3.5 LOW 6.9 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.
CVE-2015-7676 1 Ipswitch 1 Moveit Dmz 2016-11-28 3.5 LOW 5.4 MEDIUM
Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.
CVE-2005-2160 1 Ipswitch 1 Imail 2016-10-17 5.0 MEDIUM N/A
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
CVE-2000-0780 1 Ipswitch 1 Imail 2016-10-17 6.4 MEDIUM N/A
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
CVE-2000-0301 1 Ipswitch 1 Imail 2016-10-17 5.0 MEDIUM N/A
Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.
CVE-2015-7680 1 Ipswitch 1 Moveit Dmz 2016-02-18 5.0 MEDIUM 5.3 MEDIUM
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.
CVE-2015-7679 1 Ipswitch 1 Moveit Mobile 2016-02-18 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/.
CVE-2015-7678 1 Ipswitch 1 Moveit Mobile 2016-02-18 6.8 MEDIUM 8.8 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-7675 1 Ipswitch 2 Moveit Dmz, Moveit Mobile 2016-02-18 4.0 MEDIUM 6.5 MEDIUM
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.
CVE-2015-7677 1 Ipswitch 1 Moveit Dmz 2016-02-11 4.0 MEDIUM 4.3 MEDIUM
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.
CVE-2014-3878 1 Ipswitch 1 Imail Server 2015-08-31 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.
CVE-2007-3926 1 Ipswitch 1 Imail Server 2011-03-07 7.8 HIGH N/A
Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."
CVE-2007-3959 1 Ipswitch 2 Imserver, Ipswitch Collaboration Suite 2011-03-07 5.0 MEDIUM N/A
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions.
CVE-2007-1637 1 Ipswitch 4 Imail, Imail Plus, Imail Premium and 1 more 2011-03-07 9.3 HIGH N/A
Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.
CVE-2006-3552 1 Ipswitch 2 Ipswitch Collaboration Suite, Ipswitch Secure Server 2011-03-07 6.4 MEDIUM N/A
Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission.
CVE-2005-2923 1 Ipswitch 2 Imail Server, Ipswitch Collaboration Suite 2011-03-07 4.0 MEDIUM N/A
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory.