Description
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Antunes · textdosmultiple
https://www.exploit-db.com/exploits/32195
References (6)
Core 6
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30606
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020644
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31442
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4146
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/495264/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44370
Scores
EPSS
0.2756
EPSS Percentile
96.5%
Details
CWE
CWE-119
Status
published
Products (40)
qbik/wingate
2.0
qbik/wingate
2.1
qbik/wingate
3.0
qbik/wingate
3.0.5
qbik/wingate
4.0.1
qbik/wingate
4.1 beta_a
qbik/wingate
4.1.0
qbik/wingate
4.1.1
qbik/wingate
4.2.0
qbik/wingate
4.3.0 (3 CPE variants)
... and 30 more
Published
Aug 12, 2008
Tracked Since
Feb 18, 2026