Wingate

wingate

Vendor: Qbik • 14 CVEs

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-13866 1Qbik 1Wingate Nov 21, 2024 Jun 8, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
CVE-2009-0802 1Qbik 1Wingate Apr 23, 2026 Mar 4, 2009 N/A· v4 N/A· v3 5.4 MEDIUM· v2 Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably...Show more Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.Show less
CVE-2008-3606 1Qbik 1Wingate Apr 23, 2026 Aug 12, 2008 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long arg...Show more Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.Show less
CVE-2007-4335 1Qbik 1Wingate Apr 23, 2026 Aug 14, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected co...Show more Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging.Show less
CVE-2006-4518 1Qbik 1Wingate Apr 23, 2026 Nov 28, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
CVE-2006-2917 1Qbik 1Wingate Apr 16, 2026 Jul 10, 2006 N/A· v4 N/A· v3 5.5 MEDIUM· v2 Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform u...Show more Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.Show less
CVE-2006-2926 1Qbik 1Wingate Apr 16, 2026 Jun 9, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CVE-2004-0789 9Axis DelegateDnrd+6 more 152100 Network Camera 2110 Network Camera2120 Network Camera+12 more Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2...Show more Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.Show less
CVE-2004-0578 1Qbik 1Wingate Apr 16, 2026 Dec 6, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.
CVE-2004-0577 1Qbik 1Wingate Apr 16, 2026 Dec 6, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory.
CVE-2000-1048 1Qbik 1Wingate Apr 16, 2026 Dec 11, 2000 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in...Show more Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL.Show less
CVE-1999-0441 1Qbik 1Wingate Apr 16, 2026 Feb 22, 1999 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.
CVE-1999-0291 1Qbik 1Wingate Apr 16, 2026 Feb 1, 1999 N/A· v4 N/A· v3 7.5 HIGH· v2 The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.
CVE-1999-0290 1Qbik 1Wingate Apr 16, 2026 Feb 21, 1998 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.