Ipswitch 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk sql injection and vendor risk input validation などに関し、一部は アプリケーションクラッシュ を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2009-4775 | Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. | [email protected] | 4.3 | 18.04% | 2010-04-21 | 2026-04-29 |
| CVE-2007-2795 | Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon. | [email protected] | 9.0 | 17.55% | 2009-01-27 | 2026-04-23 |
| CVE-2008-5693 | Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. | [email protected] | 5.0 | 0.06% | 2008-12-19 | 2026-04-23 |
| CVE-2008-5692 | Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. | [email protected] | 5.0 | 1.01% | 2008-12-19 | 2026-04-23 |
| CVE-2008-3795 | Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response." | [email protected] | 10.0 | 13.76% | 2008-08-27 | 2026-04-23 |
| CVE-2008-3734 | Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). | [email protected] | 9.3 | 69.43% | 2008-08-20 | 2026-04-23 |
| CVE-2008-0946 | Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. | [email protected] | 4.9 | 0.06% | 2008-02-25 | 2026-04-23 |
| CVE-2008-0945 | Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field. | [email protected] | 3.5 | 1.20% | 2008-02-25 | 2026-04-23 |
| CVE-2008-0944 | Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero. | [email protected] | 5.0 | 11.26% | 2008-02-25 | 2026-04-23 |
| CVE-2008-0608 | The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823. | [email protected] | 5.0 | 1.82% | 2008-02-06 | 2026-04-23 |
| CVE-2007-4345 | Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message. | [email protected] | 7.5 | 0.22% | 2007-10-31 | 2026-04-23 |
| CVE-2007-5094 | Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transfer-Encoding header line. | [email protected] | 7.5 | 6.23% | 2007-09-26 | 2026-04-23 |
| CVE-2007-4555 | Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account. | [email protected] | 4.3 | 0.05% | 2007-08-28 | 2026-04-23 |
| CVE-2007-3959 | The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions. | [email protected] | 5.0 | 0.98% | 2007-07-24 | 2026-04-23 |
| CVE-2007-3927 | Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe." | [email protected] | 10.0 | 72.29% | 2007-07-21 | 2026-04-23 |
| CVE-2007-3926 | Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor." | [email protected] | 7.8 | 0.49% | 2007-07-21 | 2026-04-23 |
| CVE-2007-3925 | Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command. | [email protected] | 6.5 | 90.36% | 2007-07-21 | 2026-04-23 |
| CVE-2007-3823 | The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. | [email protected] | 7.8 | 6.44% | 2007-07-17 | 2026-04-23 |
| CVE-2007-2213 | Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments." | [email protected] | 7.8 | 2.90% | 2007-04-24 | 2026-04-23 |
| CVE-2007-1637 | Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. | [email protected] | 9.3 | 0.97% | 2007-03-23 | 2026-04-23 |