
9 vulnerabilities found for whatsup by ipswitch

VAR-200602-0436

Vulnerability from variot - Updated: 2025-04-03 22:42

NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "]" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET requests. This issue allows remote attackers to consume excessive CPU resources on targeted computers, denying service to legitimate users. WhatsUp Professional software is a tool developed by Ipswitch to monitor the network status of TCP/IP, NetBEUI and IPX. Remote attackers may use this vulnerability to perform denial of service attacks on server programs. If a user requests a specially crafted URL, NmService may use 100% of CPU resources, resulting in a denial of service.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200602-0436",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "whatsup",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "professional_2006"
      },
      {
        "model": "whatsup professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "20060"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "16771"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0911"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Josh Zlatin jzlatin@ramat.cc",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-0911",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-0911",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-17019",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-0911",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200602-421",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-17019",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0911"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) \"In]\" and (2) \"b;tnLogIn\" parameters, or (3) malformed btnLogIn parameters, possibly involving missing \"[\" (open bracket) or \"[\" (closing bracket) characters, as demonstrated by \"\u0026btnLogIn=[Log\u0026In]=\u0026\" or \"\u0026b;tnLogIn=[Log\u0026In]=\u0026\" in the URL.  NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application\u0027s failure to properly handle certain HTTP GET requests. \nThis issue allows remote attackers to consume excessive CPU resources on targeted computers, denying service to legitimate users. Whatsup Professional software is a tool developed by Ipswitch to monitor the network status of TCP/IP, NetBEUI and IPX. Remote attackers may use this vulnerability to perform denial of service attacks on server programs. If the user visits a specially crafted URL request, it may cause NmService to use 100\\\\% of CPU resources, resulting in a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-0911"
      },
      {
        "db": "BID",
        "id": "16771"
      },
      {
        "db": "VULHUB",
        "id": "VHN-17019"
      }
    ],
    "trust": 1.26
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-17019",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17019"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "16771",
        "trust": 2.0
      },
      {
        "db": "OSVDB",
        "id": "23494",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "472",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-0704",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0911",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-421",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "24864",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060222 IPSWITCH WHATSUP PROFESSIONAL 2006 DOS",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-80875",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "27258",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-17019",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17019"
      },
      {
        "db": "BID",
        "id": "16771"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0911"
      }
    ]
  },
  "id": "VAR-200602-0436",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17019"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:42:38.752000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17019"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0911"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/16771"
      },
      {
        "trust": 1.7,
        "url": "http://zur.homelinux.com/advisories/ipswitch_dos.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/23494"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/472"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/425780/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/0704"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24864"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/24864"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/425780/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/0704"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipswitch.com/products/network-management.asp"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/425780"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17019"
      },
      {
        "db": "BID",
        "id": "16771"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0911"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-17019"
      },
      {
        "db": "BID",
        "id": "16771"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0911"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-02-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-17019"
      },
      {
        "date": "2006-02-22T00:00:00",
        "db": "BID",
        "id": "16771"
      },
      {
        "date": "2006-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      },
      {
        "date": "2006-02-28T11:02:00",
        "db": "NVD",
        "id": "CVE-2006-0911"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-17019"
      },
      {
        "date": "2006-02-23T18:47:00",
        "db": "BID",
        "id": "16771"
      },
      {
        "date": "2006-04-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2006-0911"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch WhatsUp Professional 2006 Remote Denial Of Service Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "16771"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200602-421"
      }
    ],
    "trust": 0.6
  }
}

VAR-200506-0244

Vulnerability from variot - Updated: 2025-04-03 22:33

SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for Ipswitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter). This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. It should be noted that by supplying an 'or' value through the 'password' parameter, an attacker can gain unauthorized access to an affected site. WhatsUp Professional is a network management solution for SMBs.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200506-0244",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "whatsup",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "professional_2005_sp1"
      },
      {
        "model": "whatsup professional sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2005"
      },
      {
        "model": "whatsup professional sp1a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2005"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "14039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1250"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iDEFENSE",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-1250",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-1250",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-12459",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2005-1250",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200506-208",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-12459",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1250"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).  This issue is due to a failure in the application to properly sanitize user-supplied input to the \u0027login.asp\u0027 script before using it in an SQL query. \nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. It should be noted that by supplying a \u0027or\u0027 value through the \u0027password\u0027 parameter, an attacker can gain unauthorized access to an affected site. WhatsUp Professional is a network management solution for SMBs",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1250"
      },
      {
        "db": "BID",
        "id": "14039"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12459"
      }
    ],
    "trust": 1.26
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-12459",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12459"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-1250",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200506-208",
        "trust": 0.7
      },
      {
        "db": "IDEFENSE",
        "id": "20050622 IPSWITCH WHATSUP PROFESSIONAL 2005 (SP1) SQL INJECTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "14039",
        "trust": 0.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "25874",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-79527",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-12459",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12459"
      },
      {
        "db": "BID",
        "id": "14039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1250"
      }
    ]
  },
  "id": "VAR-200506-0244",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12459"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:33:02.755000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1250"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.ipswitch.com/forums/shwmessage.aspx?forumid=20\u0026messageid=7699"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/secunia_research/2005-13/advisory/"
      },
      {
        "trust": 1.7,
        "url": "http://www.corsaire.com/advisories/c050323-001.txt"
      },
      {
        "trust": 1.6,
        "url": "http://www.idefense.com/application/poi/display?id=268\u0026type=vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/403080"
      },
      {
        "trust": 0.1,
        "url": "http://www.ipswitch.com/forums/shwmessage.aspx?forumid=20\u0026amp;messageid=7699"
      },
      {
        "trust": 0.1,
        "url": "http://www.idefense.com/application/poi/display?id=268\u0026amp;type=vulnerabilities"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12459"
      },
      {
        "db": "BID",
        "id": "14039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1250"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-12459"
      },
      {
        "db": "BID",
        "id": "14039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1250"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-06-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12459"
      },
      {
        "date": "2005-06-22T00:00:00",
        "db": "BID",
        "id": "14039"
      },
      {
        "date": "2005-06-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      },
      {
        "date": "2005-06-22T04:00:00",
        "db": "NVD",
        "id": "CVE-2005-1250"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12459"
      },
      {
        "date": "2009-07-12T16:06:00",
        "db": "BID",
        "id": "14039"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2005-1250"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch WhatsUp Professional \u0027login.asp\u0027 SQL Injection vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200506-208"
      }
    ],
    "trust": 0.6
  }
}

VAR-200605-0368

Vulnerability from variot - Updated: 2025-04-03 22:32

Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. This issue allows remote attackers to gain administrative access to the web-based administrative interface of the application. This will aid them in further network attacks. Whatsup Professional software is a tool developed by Ipswitch to monitor the network status of TCP/IP, NetBEUI and IPX. What's Up Professional 2006 has an authentication bypass vulnerability: an attacker can bypass the authentication mechanism and log in without credentials. An attacker can trick the application into believing that the request is coming from the console, which is trusted, by sending HTTP requests with specially crafted headers. Both headers are supplied by the client, so neither can establish where a request originates. The affected-products data in the record below lists version 2006.01 with scope "ne", which appears to mark that release as not affected.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200605-0368",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "whatsup",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "professional_2006"
      },
      {
        "model": "whatsup professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "20060"
      },
      {
        "model": "whatsup professional",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006.01"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "18019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2531"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kenneth F. Belva ken@ftusecurity.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2531",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-2531",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-18639",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-2531",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200605-397",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-18639",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18639"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2531"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch WhatsUp Professional 2006 only verifies the user\u0027s identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to \"Ipswitch/1.0\" and the User-Application header to \"NmConsole\". Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. \nThis issue allows remote attackers to gain administrative access to the web-based administrative interface of the application. This will aid them in further network attacks. Whatsup Professional software is a tool developed by Ipswitch to monitor the network status of TCP/IP, NetBEUI and IPX. What\\\u0027\\\u0027s Up Professional 2006 has an authentication bypass vulnerability, an attacker can bypass the authentication mechanism and log in without credentials. An attacker can trick the application into believing that the request is coming from the console, which is trusted, by sending HTTP requests with specially crafted headers",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2531"
      },
      {
        "db": "BID",
        "id": "18019"
      },
      {
        "db": "VULHUB",
        "id": "VHN-18639"
      }
    ],
    "trust": 1.26
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-18639",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18639"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "18019",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2531",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1849",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-397",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060517 WHAT\u0027S UP PROFESSIONAL SPOOFING AUTHENTICATION BYPASS",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060517 RE: [FULL-DISCLOSURE] WHAT\u0027S UP PROFESSIONAL SPOOFING AUTHENTICATION BYPASS",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "26529",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-81482",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "27891",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-18639",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18639"
      },
      {
        "db": "BID",
        "id": "18019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2531"
      }
    ]
  },
  "id": "VAR-200605-0368",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18639"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:32:58.319000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2531"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.ftusecurity.com/pub/whatsup.public.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/18019"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/434447/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/434247/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/1849"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26529"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/434447/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/434247/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/26529"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1849"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipswitch.com/products/network-management.asp"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipswitch.com/support/whatsup_professional/releases/wup200601.asp"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/434247"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18639"
      },
      {
        "db": "BID",
        "id": "18019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2531"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-18639"
      },
      {
        "db": "BID",
        "id": "18019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2531"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18639"
      },
      {
        "date": "2006-05-17T00:00:00",
        "db": "BID",
        "id": "18019"
      },
      {
        "date": "2006-05-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      },
      {
        "date": "2006-05-22T23:10:00",
        "db": "NVD",
        "id": "CVE-2006-2531"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18639"
      },
      {
        "date": "2006-06-29T16:04:00",
        "db": "BID",
        "id": "18019"
      },
      {
        "date": "2013-01-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2006-2531"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch WhatsUp Professional Authentication bypass vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-397"
      }
    ],
    "trust": 0.6
  }
}

CVE-2006-2531 (GCVE-0-2006-2531)

Vulnerability from nvd – Published: 2006-05-22 23:00 – Updated: 2024-08-07 17:51
Summary
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
Severity
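No CVSS data available in the CVE record itself. The VARIoT entry for the same CVE (VAR-200605-0368, above) carries an NVD CVSS v2 base score of 7.5 (HIGH), vector AV:N/AC:L/Au:N/C:P/I:P/A:P.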
CWE
  • n/a
Assigner
References
Date Public
2006-05-17 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:04.633Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060517 What\u0027s Up Professional Spoofing Authentication Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434247/100/0/threaded"
          },
          {
            "name": "20060517 Re: [Full-disclosure] What\u0027s Up Professional Spoofing Authentication Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434447/100/0/threaded"
          },
          {
            "name": "ADV-2006-1849",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1849"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ftusecurity.com/pub/whatsup.public.pdf"
          },
          {
            "name": "18019",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18019"
          },
          {
            "name": "whatsup-http-auth-bypass(26529)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26529"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ipswitch WhatsUp Professional 2006 only verifies the user\u0027s identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to \"Ipswitch/1.0\" and the User-Application header to \"NmConsole\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060517 What\u0027s Up Professional Spoofing Authentication Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434247/100/0/threaded"
        },
        {
          "name": "20060517 Re: [Full-disclosure] What\u0027s Up Professional Spoofing Authentication Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434447/100/0/threaded"
        },
        {
          "name": "ADV-2006-1849",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1849"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ftusecurity.com/pub/whatsup.public.pdf"
        },
        {
          "name": "18019",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18019"
        },
        {
          "name": "whatsup-http-auth-bypass(26529)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26529"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2531",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ipswitch WhatsUp Professional 2006 only verifies the user\u0027s identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to \"Ipswitch/1.0\" and the User-Application header to \"NmConsole\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060517 What\u0027s Up Professional Spoofing Authentication Bypass",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434247/100/0/threaded"
            },
            {
              "name": "20060517 Re: [Full-disclosure] What\u0027s Up Professional Spoofing Authentication Bypass",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434447/100/0/threaded"
            },
            {
              "name": "ADV-2006-1849",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1849"
            },
            {
              "name": "http://www.ftusecurity.com/pub/whatsup.public.pdf",
              "refsource": "MISC",
              "url": "http://www.ftusecurity.com/pub/whatsup.public.pdf"
            },
            {
              "name": "18019",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18019"
            },
            {
              "name": "whatsup-http-auth-bypass(26529)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26529"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2531",
    "datePublished": "2006-05-22T23:00:00.000Z",
    "dateReserved": "2006-05-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:51:04.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0911 (GCVE-0-2006-0911)

Vulnerability from nvd – Published: 2006-02-28 11:00 – Updated: 2024-08-07 16:48
Summary
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "]" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL | Tags
http://www.vupen.com/english/advisories/2006/0704 | vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/16771 | vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/472 | third-party-advisory, x_refsource_SREASON
http://zur.homelinux.com/Advisories/ipswitch_dos.txt | x_refsource_MISC
http://www.osvdb.org/23494 | vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/425780/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/24864 | vdb-entry, x_refsource_XF
Date Public
2006-02-22 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:48:56.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-0704",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0704"
          },
          {
            "name": "16771",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16771"
          },
          {
            "name": "472",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/472"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zur.homelinux.com/Advisories/ipswitch_dos.txt"
          },
          {
            "name": "23494",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/23494"
          },
          {
            "name": "20060222 IpSwitch WhatsUp Professional 2006 DoS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425780/100/0/threaded"
          },
          {
            "name": "whatsup-nmservice-dos(24864)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24864"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) \"In]\" and (2) \"b;tnLogIn\" parameters, or (3) malformed btnLogIn parameters, possibly involving missing \"[\" (open bracket) or \"[\" (closing bracket) characters, as demonstrated by \"\u0026btnLogIn=[Log\u0026In]=\u0026\" or \"\u0026b;tnLogIn=[Log\u0026In]=\u0026\" in the URL.  NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-0704",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0704"
        },
        {
          "name": "16771",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16771"
        },
        {
          "name": "472",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/472"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zur.homelinux.com/Advisories/ipswitch_dos.txt"
        },
        {
          "name": "23494",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/23494"
        },
        {
          "name": "20060222 IpSwitch WhatsUp Professional 2006 DoS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/425780/100/0/threaded"
        },
        {
          "name": "whatsup-nmservice-dos(24864)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24864"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) \"In]\" and (2) \"b;tnLogIn\" parameters, or (3) malformed btnLogIn parameters, possibly involving missing \"[\" (open bracket) or \"[\" (closing bracket) characters, as demonstrated by \"\u0026btnLogIn=[Log\u0026In]=\u0026\" or \"\u0026b;tnLogIn=[Log\u0026In]=\u0026\" in the URL.  NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-0704",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0704"
            },
            {
              "name": "16771",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16771"
            },
            {
              "name": "472",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/472"
            },
            {
              "name": "http://zur.homelinux.com/Advisories/ipswitch_dos.txt",
              "refsource": "MISC",
              "url": "http://zur.homelinux.com/Advisories/ipswitch_dos.txt"
            },
            {
              "name": "23494",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/23494"
            },
            {
              "name": "20060222 IpSwitch WhatsUp Professional 2006 DoS",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/425780/100/0/threaded"
            },
            {
              "name": "whatsup-nmservice-dos(24864)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24864"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0911",
    "datePublished": "2006-02-28T11:00:00.000Z",
    "dateReserved": "2006-02-28T00:00:00.000Z",
    "dateUpdated": "2024-08-07T16:48:56.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1250 (GCVE-0-2005-1250)

Vulnerability from nvd – Published: 2005-06-22 04:00 – Updated: 2024-08-07 21:44
Summary
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
Severity
No CVSS data available.
CWE
  • n/a
Assigner
Date Public
2005-06-22 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:44:05.452Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2005-13/advisory/"
          },
          {
            "name": "20050622 IpSwitch WhatsUp Professional 2005 (SP1) SQL Injection Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/application/poi/display?id=268\u0026type=vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20\u0026MessageID=7699"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.corsaire.com/advisories/c050323-001.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-06-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-07-02T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2005-13/advisory/"
        },
        {
          "name": "20050622 IpSwitch WhatsUp Professional 2005 (SP1) SQL Injection Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.idefense.com/application/poi/display?id=268\u0026type=vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20\u0026MessageID=7699"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.corsaire.com/advisories/c050323-001.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://secunia.com/secunia_research/2005-13/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2005-13/advisory/"
            },
            {
              "name": "20050622 IpSwitch WhatsUp Professional 2005 (SP1) SQL Injection Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://www.idefense.com/application/poi/display?id=268\u0026type=vulnerabilities"
            },
            {
              "name": "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20\u0026MessageID=7699",
              "refsource": "CONFIRM",
              "url": "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20\u0026MessageID=7699"
            },
            {
              "name": "http://www.corsaire.com/advisories/c050323-001.txt",
              "refsource": "MISC",
              "url": "http://www.corsaire.com/advisories/c050323-001.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1250",
    "datePublished": "2005-06-22T04:00:00.000Z",
    "dateReserved": "2005-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T21:44:05.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2531 (GCVE-0-2006-2531)

Vulnerability from cvelistv5 – Published: 2006-05-22 23:00 – Updated: 2024-08-07 17:51
Summary
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2006-05-17 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:04.633Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060517 What\u0027s Up Professional Spoofing Authentication Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434247/100/0/threaded"
          },
          {
            "name": "20060517 Re: [Full-disclosure] What\u0027s Up Professional Spoofing Authentication Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434447/100/0/threaded"
          },
          {
            "name": "ADV-2006-1849",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1849"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ftusecurity.com/pub/whatsup.public.pdf"
          },
          {
            "name": "18019",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18019"
          },
          {
            "name": "whatsup-http-auth-bypass(26529)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26529"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ipswitch WhatsUp Professional 2006 only verifies the user\u0027s identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to \"Ipswitch/1.0\" and the User-Application header to \"NmConsole\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060517 What\u0027s Up Professional Spoofing Authentication Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434247/100/0/threaded"
        },
        {
          "name": "20060517 Re: [Full-disclosure] What\u0027s Up Professional Spoofing Authentication Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434447/100/0/threaded"
        },
        {
          "name": "ADV-2006-1849",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1849"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ftusecurity.com/pub/whatsup.public.pdf"
        },
        {
          "name": "18019",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18019"
        },
        {
          "name": "whatsup-http-auth-bypass(26529)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26529"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2531",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ipswitch WhatsUp Professional 2006 only verifies the user\u0027s identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to \"Ipswitch/1.0\" and the User-Application header to \"NmConsole\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060517 What\u0027s Up Professional Spoofing Authentication Bypass",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434247/100/0/threaded"
            },
            {
              "name": "20060517 Re: [Full-disclosure] What\u0027s Up Professional Spoofing Authentication Bypass",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434447/100/0/threaded"
            },
            {
              "name": "ADV-2006-1849",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1849"
            },
            {
              "name": "http://www.ftusecurity.com/pub/whatsup.public.pdf",
              "refsource": "MISC",
              "url": "http://www.ftusecurity.com/pub/whatsup.public.pdf"
            },
            {
              "name": "18019",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18019"
            },
            {
              "name": "whatsup-http-auth-bypass(26529)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26529"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2531",
    "datePublished": "2006-05-22T23:00:00.000Z",
    "dateReserved": "2006-05-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:51:04.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0911 (GCVE-0-2006-0911)

Vulnerability from cvelistv5 – Published: 2006-02-28 11:00 – Updated: 2024-08-07 16:48
Summary
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "]" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL | Tags
http://www.vupen.com/english/advisories/2006/0704 | vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/16771 | vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/472 | third-party-advisory, x_refsource_SREASON
http://zur.homelinux.com/Advisories/ipswitch_dos.txt | x_refsource_MISC
http://www.osvdb.org/23494 | vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/425780/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/24864 | vdb-entry, x_refsource_XF
Date Public
2006-02-22 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:48:56.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-0704",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0704"
          },
          {
            "name": "16771",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16771"
          },
          {
            "name": "472",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/472"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zur.homelinux.com/Advisories/ipswitch_dos.txt"
          },
          {
            "name": "23494",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/23494"
          },
          {
            "name": "20060222 IpSwitch WhatsUp Professional 2006 DoS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425780/100/0/threaded"
          },
          {
            "name": "whatsup-nmservice-dos(24864)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24864"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) \"In]\" and (2) \"b;tnLogIn\" parameters, or (3) malformed btnLogIn parameters, possibly involving missing \"[\" (open bracket) or \"[\" (closing bracket) characters, as demonstrated by \"\u0026btnLogIn=[Log\u0026In]=\u0026\" or \"\u0026b;tnLogIn=[Log\u0026In]=\u0026\" in the URL.  NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-0704",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0704"
        },
        {
          "name": "16771",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16771"
        },
        {
          "name": "472",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/472"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zur.homelinux.com/Advisories/ipswitch_dos.txt"
        },
        {
          "name": "23494",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/23494"
        },
        {
          "name": "20060222 IpSwitch WhatsUp Professional 2006 DoS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/425780/100/0/threaded"
        },
        {
          "name": "whatsup-nmservice-dos(24864)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24864"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) \"In]\" and (2) \"b;tnLogIn\" parameters, or (3) malformed btnLogIn parameters, possibly involving missing \"[\" (open bracket) or \"[\" (closing bracket) characters, as demonstrated by \"\u0026btnLogIn=[Log\u0026In]=\u0026\" or \"\u0026b;tnLogIn=[Log\u0026In]=\u0026\" in the URL.  NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-0704",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0704"
            },
            {
              "name": "16771",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16771"
            },
            {
              "name": "472",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/472"
            },
            {
              "name": "http://zur.homelinux.com/Advisories/ipswitch_dos.txt",
              "refsource": "MISC",
              "url": "http://zur.homelinux.com/Advisories/ipswitch_dos.txt"
            },
            {
              "name": "23494",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/23494"
            },
            {
              "name": "20060222 IpSwitch WhatsUp Professional 2006 DoS",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/425780/100/0/threaded"
            },
            {
              "name": "whatsup-nmservice-dos(24864)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24864"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0911",
    "datePublished": "2006-02-28T11:00:00.000Z",
    "dateReserved": "2006-02-28T00:00:00.000Z",
    "dateUpdated": "2024-08-07T16:48:56.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1250 (GCVE-0-2005-1250)

Vulnerability from cvelistv5 – Published: 2005-06-22 04:00 – Updated: 2024-08-07 21:44
Summary
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
Severity
No CVSS data available.
CWE
  • n/a
Assigner
Date Public
2005-06-22 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:44:05.452Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2005-13/advisory/"
          },
          {
            "name": "20050622 IpSwitch WhatsUp Professional 2005 (SP1) SQL Injection Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/application/poi/display?id=268\u0026type=vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20\u0026MessageID=7699"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.corsaire.com/advisories/c050323-001.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-06-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-07-02T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2005-13/advisory/"
        },
        {
          "name": "20050622 IpSwitch WhatsUp Professional 2005 (SP1) SQL Injection Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.idefense.com/application/poi/display?id=268\u0026type=vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20\u0026MessageID=7699"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.corsaire.com/advisories/c050323-001.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://secunia.com/secunia_research/2005-13/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2005-13/advisory/"
            },
            {
              "name": "20050622 IpSwitch WhatsUp Professional 2005 (SP1) SQL Injection Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://www.idefense.com/application/poi/display?id=268\u0026type=vulnerabilities"
            },
            {
              "name": "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20\u0026MessageID=7699",
              "refsource": "CONFIRM",
              "url": "http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20\u0026MessageID=7699"
            },
            {
              "name": "http://www.corsaire.com/advisories/c050323-001.txt",
              "refsource": "MISC",
              "url": "http://www.corsaire.com/advisories/c050323-001.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1250",
    "datePublished": "2005-06-22T04:00:00.000Z",
    "dateReserved": "2005-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T21:44:05.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}