Qbik WinGate HTTP Proxy Server Access Controls Bypass Vulnerability
This host is running WinGate HTTP Proxy Server and is prone to an access controls bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodwingatehttpproxyservaclbypassvuln.nasl 5390 2017-02-21 18:39:27Z mime $ Qbik WinGate HTTP Proxy Server Access Controls Bypass Vulnerability Authors: Sharath S...
Qbik WinGate HTTP Proxy Server Access Controls Bypass Vulnerability
WinGate HTTP Proxy Server is prone to an access controls bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Qbik WinGate Version Detection
Detects the installed version of Qbik WinGate. The script logs in via SMB, searches for Qbik WinGate in the registry and gets the version from the registry. Copyright (C) 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
Design/Logic Flaw
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
CVE-2009-0802
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
CVE-2009-0802
CVE-2009-0802 affects Qbik WinGate HTTP Proxy Server. In transparent interception mode, the proxy uses the HTTP Host header to determine the remote endpoint, enabling a crafted page to force a client to send requests with a modified Host header. This can allow remote attackers to bypass access co...
Multiple HTTP Proxies HTTP Host Header Incorrect Relay Behavior Vulnerability
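BUGTRAQ ID: 33858 The HTTP Host header specification defined in RFC 2616 allows multiple sites to share a single IP address. Transparent proxy servers intercept and redirect network connections without user interaction or browser configuration, and many proxy servers running in transparent mode make connection decisions based on the HTTP Host header value. Browser plug-ins such as Flash and Java may enforce access controls on active content by restricting communication to the site or domain the content originated from. An attacker can use active content to forge the Host header value, so that a proxy server running in transparent mode determines the connection based on the forged value; the attacker can therefore connect to any website or resource the proxy can reach, including intranet resources that are not normally exposed to the Internet. Qbik WinGate 6.x...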
WinGate IMAP Server Buffer Overflow Vulnerability
This host is running Qbik WinGate, which is prone to a denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodwingateimapdosvuln900201.nasl 5370 2017-02-20 15:24:26Z cfi $ Description: WinGate IMAP Server Buffer Overflow Vulnerability Authors: Veerendra GG Copyright: Copyright (C) 200...
WinGate IMAP Server Buffer Overflow Vulnerability
Qbik WinGate is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Heap overflow
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third...
CVE-2008-3606
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third...
CVE-2008-3606
CVE-2008-3606 describes a heap-based buffer overflow in the IMAP service of Qbik WinGate 6.2.2.1137 and earlier. The vulnerability allows remote authenticated users to cause a denial of service (resource exhaustion) and may enable arbitrary code execution through a long argument to the LIST comma...
Qbik WinGate LIST Command Remote Denial of Service Vulnerability
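BUGTRAQ ID: 30606 CNCAN ID:CNCAN-2008081104 Qbik WinGate is an Internet proxy server and firewall software package. Qbik WinGate has a flaw in its handling of the LIST command, which a remote attacker can exploit to carry out a denial-of-service attack against the application service. Sending the following messages to the IMAP server: A01 LOGIN user password A02 LIST Ax1000 can crash the server, depending on the server's resources; the attack can cause the server to refuse all connections, resulting in a denial of service. Qbik WinGate 6.2.2 No solution is currently available: http://www.wingate.com/...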
Qbik WinGate 6.2.2 - LIST Remote Denial of Service
source: https://www.securityfocus.com/bid/30606/info WinGate is prone to a remote denial-of-service vulnerability affecting the application's IMAP email server. Exploiting this issue will consume computer resources and deny access to legitimate...
WinGate Mail Server DoS
IMAP LIST command resource exhaustion...
[AJECT] WinGate Email Server (IMAP) vulnerability
Synopsis: WinGate is vulnerable to denial-of-service (DoS) attacks caused probably by a resource exhaustion vulnerability. The IMAP server ceases to provide access to its clients after processing a LIST command with a...
Qbik WinGate 6.2.2 - 'LIST' Remote Denial of Service
source: https://www.securityfocus.com/bid/30606/info WinGate is prone to a remote denial-of-service vulnerability affecting the application's IMAP email server. Exploiting this issue will consume computer resources and deny access to legitimate users. WinGate 6.2.2 is vulnerable; other versions m...
CVE-2007-4335
Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging...