CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2009-0802
https://notcve.org/view.php?id=CVE-2009-0802
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Qbik WinGate, cuando el modo de intercepción transparente esta activado, utiliza una cabecera de Host HTTP para determinar un punto final remoto, lo que permite a atacantes remotos evitar el control de acceso para Flash, Java, Silverlight y probablemente otras tecnologías, y posiblemente comunicar con sitios restringidos de redes internas a través de una pagina web manipulada que causa que el cliente envíe peticiones HTTP con una cabecera host modificada. • http://www.kb.cert.org/vuls/id/435052 http://www.securityfocus.com/bid/33858 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 7%CPEs: 44EXPL: 2CVE-2008-3606 – Qbik WinGate 6.2.2 - 'LIST' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3606
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en montículo en en el servicio IMAP en Qbik WinGate 6.2.2.1137 y anteriores, permiten a atacantes remotos autenticados provocar una denegación de servicio (agotamiento de recursos) o posiblemente, ejecución de código arbitrario a través de un argumento largo en el comando LIST. NOTA: algunos de estos detalles se han obtenido a partir de información de terceros. • https://www.exploit-db.com/exploits/32195 http://secunia.com/advisories/31442 http://securityreason.com/securityalert/4146 http://www.securityfocus.com/archive/1/495264/100/0/threaded http://www.securityfocus.com/bid/30606 http://www.securitytracker.com/id?1020644 https://exchange.xforce.ibmcloud.com/vulnerabilities/44370 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 10%CPEs: 3EXPL: 0CVE-2007-4335
https://notcve.org/view.php?id=CVE-2007-4335
Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging. Vulnerabilidad de cadena de formato en el componente servidor SMTP de Qbik WinGate 5.x y 6.x anterior a 6.2.2 permite a atacantes remotos provocar una denegación de servicio (caída del servicio) mediante especificadores de cadena de formato en determinados comandos inesperados, lo cual dispara una caída durante el registro de errores. • http://secunia.com/advisories/26412 http://securityreason.com/securityalert/3001 http://www.harmonysecurity.com/HS-A007.html http://www.securityfocus.com/archive/1/476011/100/0/threaded http://www.securityfocus.com/bid/25272 http://www.securityfocus.com/bid/25303 http://www.vupen.com/english/advisories/2007/2859 http://www.wingate.com/news.php?id=50 https://exchange.xforce.ibmcloud.com/vulnerabilities/35950 •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0CVE-2006-4518
https://notcve.org/view.php?id=CVE-2006-4518
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop. Qbik WinGate 6.1.4 y anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una petición DNS con un puntero auto-referenciado a un nombre comprimido, lo cual dispara un bucle infinito. • http://forums.qbik.com/viewtopic.php?t=4215 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=444 http://secunia.com/advisories/23029 http://securitytracker.com/id?1017284 http://www.securityfocus.com/bid/21295 http://www.vupen.com/english/advisories/2006/4711 https://exchange.xforce.ibmcloud.com/vulnerabilities/30491 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2917
https://notcve.org/view.php?id=CVE-2006-2917
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands. Vulnerabilidad de salto de directorio en el servidor IMAP en WinGate 6.1.2.1094 y 6.1.3.1096, y posiblemente otras versiones anteriores a 6.1.4 Build 1099, permite a usuarios autenticados leer el correo de otros usuarios, o realizar operaciones no autorizadas en los directorios, a través de las ordenes 1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, y (7) LIST. • http://secunia.com/advisories/20707 http://secunia.com/secunia_research/2006-48/advisory http://www.securityfocus.com/bid/18908 http://www.vupen.com/english/advisories/2006/2730 http://www.wingate.com/download.php •