6 results (0.006 seconds)

CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0

Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Qbik WinGate, cuando el modo de intercepción transparente esta activado, utiliza una cabecera de Host HTTP para determinar un punto final remoto, lo que permite a atacantes remotos evitar el control de acceso para Flash, Java, Silverlight y probablemente otras tecnologías, y posiblemente comunicar con sitios restringidos de redes internas a través de una pagina web manipulada que causa que el cliente envíe peticiones HTTP con una cabecera host modificada. • http://www.kb.cert.org/vuls/id/435052 http://www.securityfocus.com/bid/33858 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 7%CPEs: 44EXPL: 2

Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en montículo en en el servicio IMAP en Qbik WinGate 6.2.2.1137 y anteriores, permiten a atacantes remotos autenticados provocar una denegación de servicio (agotamiento de recursos) o posiblemente, ejecución de código arbitrario a través de un argumento largo en el comando LIST. NOTA: algunos de estos detalles se han obtenido a partir de información de terceros. • https://www.exploit-db.com/exploits/32195 http://secunia.com/advisories/31442 http://securityreason.com/securityalert/4146 http://www.securityfocus.com/archive/1/495264/100/0/threaded http://www.securityfocus.com/bid/30606 http://www.securitytracker.com/id?1020644 https://exchange.xforce.ibmcloud.com/vulnerabilities/44370 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 10%CPEs: 3EXPL: 0

Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging. Vulnerabilidad de cadena de formato en el componente servidor SMTP de Qbik WinGate 5.x y 6.x anterior a 6.2.2 permite a atacantes remotos provocar una denegación de servicio (caída del servicio) mediante especificadores de cadena de formato en determinados comandos inesperados, lo cual dispara una caída durante el registro de errores. • http://secunia.com/advisories/26412 http://securityreason.com/securityalert/3001 http://www.harmonysecurity.com/HS-A007.html http://www.securityfocus.com/archive/1/476011/100/0/threaded http://www.securityfocus.com/bid/25272 http://www.securityfocus.com/bid/25303 http://www.vupen.com/english/advisories/2007/2859 http://www.wingate.com/news.php?id=50 https://exchange.xforce.ibmcloud.com/vulnerabilities/35950 •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0

Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop. Qbik WinGate 6.1.4 y anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una petición DNS con un puntero auto-referenciado a un nombre comprimido, lo cual dispara un bucle infinito. • http://forums.qbik.com/viewtopic.php?t=4215 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=444 http://secunia.com/advisories/23029 http://securitytracker.com/id?1017284 http://www.securityfocus.com/bid/21295 http://www.vupen.com/english/advisories/2006/4711 https://exchange.xforce.ibmcloud.com/vulnerabilities/30491 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory. Wingate 5.2.3 build 901 y 6.0 beta 2 build 942, y otras versiones como la 5.0.5, permite a atacantes remotos leer ficheros arbitraios del directorio raíz mediante un petición URL al directorio wingate-internal. • http://marc.info/?l=full-disclosure&m=108872788123695&w=2 http://www.idefense.com/application/poi/display?id=113 https://exchange.xforce.ibmcloud.com/vulnerabilities/16589 •