Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Whatsup_gold
(Progress)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 55 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-06-25 | CVE-2024-5017 | In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure. | Whatsup_gold | 6.5 | ||
| 2024-06-25 | CVE-2024-5018 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory . | Whatsup_gold | 7.5 | ||
| 2024-06-25 | CVE-2024-5019 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges. | Whatsup_gold | 7.5 | ||
| 2024-10-24 | CVE-2024-7763 | In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | Whatsup_gold | 7.5 | ||
| 2024-08-29 | CVE-2024-6670 | In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | Whatsup_gold | 9.8 | ||
| 2024-08-29 | CVE-2024-6671 | In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | Whatsup_gold | 9.8 | ||
| 2024-08-29 | CVE-2024-6672 | In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. | Whatsup_gold | 8.8 | ||
| 2012-08-15 | CVE-2012-2601 | SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. | Whatsup_gold | N/A | ||
| 2012-08-15 | CVE-2012-4344 | Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host. | Whatsup_gold | N/A | ||
| 2015-12-27 | CVE-2015-6005 | Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11)... | Whatsup_gold | 6.9 |