CVE-2009-0802
https://notcve.org/view.php?id=CVE-2009-0802
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Qbik WinGate, cuando el modo de intercepción transparente esta activado, utiliza una cabecera de Host HTTP para determinar un punto final remoto, lo que permite a atacantes remotos evitar el control de acceso para Flash, Java, Silverlight y probablemente otras tecnologías, y posiblemente comunicar con sitios restringidos de redes internas a través de una pagina web manipulada que causa que el cliente envíe peticiones HTTP con una cabecera host modificada. • http://www.kb.cert.org/vuls/id/435052 http://www.securityfocus.com/bid/33858 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-3606 – Qbik WinGate 6.2.2 - 'LIST' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3606
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en montículo en en el servicio IMAP en Qbik WinGate 6.2.2.1137 y anteriores, permiten a atacantes remotos autenticados provocar una denegación de servicio (agotamiento de recursos) o posiblemente, ejecución de código arbitrario a través de un argumento largo en el comando LIST. NOTA: algunos de estos detalles se han obtenido a partir de información de terceros. • https://www.exploit-db.com/exploits/32195 http://secunia.com/advisories/31442 http://securityreason.com/securityalert/4146 http://www.securityfocus.com/archive/1/495264/100/0/threaded http://www.securityfocus.com/bid/30606 http://www.securitytracker.com/id?1020644 https://exchange.xforce.ibmcloud.com/vulnerabilities/44370 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •