MidnightBSD

Advisories for qbik

CVE-1999-0290 MEDIUM

The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
qbik wingate *
CVE-1999-0291 HIGH

The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
qbik wingate *
CVE-1999-0441 MEDIUM

Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
qbik wingate 3.0
CVE-2000-1048 MEDIUM

Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
qbik wingate 4.0.1
qbik wingate 4.1_beta_a
qbik wingate 3.0
qbik wingate 2.1
CVE-2004-0577 MEDIUM

WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
qbik wingate 6.0_beta_2
qbik wingate 5.2.3
qbik wingate 5.0.5
CVE-2004-0578 MEDIUM

WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
qbik wingate 6.0_beta_2
qbik wingate 5.2.3
qbik wingate 5.0.5
CVE-2004-0789 MEDIUM

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
posadis posadis m5pre1
dnrd dnrd 2.3
axis 2110_network_camera 2.32
dnrd dnrd 2.7
pliant pliant_dns_server *
axis 2120_network_camera 2.41
axis 2100_network_camera 2.34
posadis posadis 0.50.8
axis 2400_video_server 3.11
axis 2120_network_camera 2.30
posadis posadis 0.50.9
axis 2120_network_camera 2.12
axis 2420_network_camera 2.32
delegate delegate 7.7.1
qbik wingate 3.0
axis 2420_network_camera 2.12
dnrd dnrd 2.1
posadis posadis 0.50.5
axis 2400_video_server 3.12
axis 2100_network_camera 2.40
axis 2100_network_camera 2.41
axis 2120_network_camera 2.31
axis 2110_network_camera 2.30
axis 2420_network_camera 2.41
qbik wingate 4.1_beta_a
axis 2100_network_camera 2.12
qbik wingate 6.0.1_build_993
delegate delegate 8.9.3
posadis posadis 0.60.1
delegate delegate 8.9
axis 2100_network_camera 2.01
axis 2420_network_camera 2.40
axis 2420_network_camera 2.33
axis 2420_network_camera 2.30
dnrd dnrd 1.0
delegate delegate 8.9.1
delegate delegate 7.8.0
dnrd dnrd 1.1
delegate delegate 7.8.1
delegate delegate 8.4.0
delegate delegate 7.9.11
axis 2110_network_camera 2.34
maradns maradns 0.5.28
dnrd dnrd 2.9
dnrd dnrd 1.4
dnrd dnrd 2.10
posadis posadis 0.50.7
don_moore mydns 0.10.0
delegate delegate 8.5.0
dnrd dnrd 2.0
posadis posadis 0.50.4
posadis posadis 0.60.0
qbik wingate 6.0.1_build_995
axis 2420_network_camera 2.34
dnrd dnrd 2.4
axis 2100_network_camera 2.33
axis 2110_network_camera 2.31
axis 2100_network_camera 2.30
dnrd dnrd 1.2
axis 2110_network_camera 2.40
axis 2120_network_camera 2.40
axis 2110_network_camera 2.12
delegate delegate 8.9.2
team_johnlong raidendnsd *
axis 2100_network_camera 2.0
qbik wingate 6.0
posadis posadis 0.50.6
delegate delegate 8.3.3
axis 2460_network_dvr 3.12
axis 2100_network_camera 2.02
axis 2120_network_camera 2.32
axis 2100_network_camera 2.31
dnrd dnrd 1.3
dnrd dnrd 2.5
qbik wingate 4.0.1
maradns maradns 0.5.31
axis 2401_video_server 3.12
don_moore mydns 0.7
axis 2110_network_camera 2.41
maradns maradns 0.8.05
maradns maradns 0.5.30
delegate delegate 8.9.4
delegate delegate 8.9.5
dnrd dnrd 2.2
delegate delegate 8.3.4
posadis posadis m5pre2
delegate delegate 7.7.0
dnrd dnrd 2.6
don_moore mydns 0.6
axis 2120_network_camera 2.34
axis 2420_network_camera 2.31
don_moore mydns 0.9
delegate delegate 7.8.2
don_moore mydns 0.8
axis 2100_network_camera 2.32
axis 2100_network_camera 2.03
maradns maradns 0.5.29
dnrd dnrd 2.8
CVE-2006-2917 MEDIUM

Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
qbik wingate 6.1.3.1096
qbik wingate 6.1.2.1094
CVE-2006-2926 HIGH

Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
qbik wingate 6.1.1.1077
CVE-2020-13866 HIGH

WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
qbik wingate 9.4.1.5998