
CVSS: 6.5 | EPSS: 7% | CPEs: 44 | EXPL: 2

Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.

• https://www.exploit-db.com/exploits/32195
• http://secunia.com/advisories/31442
• http://securityreason.com/securityalert/4146
• http://www.securityfocus.com/archive/1/495264/100/0/threaded
• http://www.securityfocus.com/bid/30606
• http://www.securitytracker.com/id?1020644
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44370
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 | EPSS: 10% | CPEs: 3 | EXPL: 0

Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging.

• http://secunia.com/advisories/26412
• http://securityreason.com/securityalert/3001
• http://www.harmonysecurity.com/HS-A007.html
• http://www.securityfocus.com/archive/1/476011/100/0/threaded
• http://www.securityfocus.com/bid/25272
• http://www.securityfocus.com/bid/25303
• http://www.vupen.com/english/advisories/2007/2859
• http://www.wingate.com/news.php?id=50
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35950

CVSS: 5.0 | EPSS: 3% | CPEs: 1 | EXPL: 0

Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.

• http://forums.qbik.com/viewtopic.php?t=4215
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=444
• http://secunia.com/advisories/23029
• http://securitytracker.com/id?1017284
• http://www.securityfocus.com/bid/21295
• http://www.vupen.com/english/advisories/2006/4711
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30491

CVSS: 5.0 | EPSS: 1% | CPEs: 98 | EXPL: 0

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

• http://secunia.com/advisories/13145
• http://securitytracker.com/id?1012157
• http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en
• http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf
• http://www.posadis.org/advisories/pos_adv_006.txt
• http://www.securityfocus.com/bid/11642
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17997

CVSS: 5.0 | EPSS: 1% | CPEs: 4 | EXPL: 0

Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL.

• http://archives.neohapsis.com/archives/bugtraq/2000-10/0245.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/5373