Vulnerability Details : CVE-2006-2926
Public exploit exists!
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2006-2926
- cpe:2.3:a:qbik:wingate:6.1.1.1077:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2926
92.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2006-2926
-
Qbik WinGate WWW Proxy Server URL Processing Overflow
Disclosure Date: 2006-06-07First seen: 2020-04-26exploit/windows/proxy/qbik_wingate_wwwproxyThis module exploits a stack buffer overflow in Qbik WinGate version 6.1.1.1077 and earlier. By sending malformed HTTP POST URL to the HTTP proxy service on port 80, a remote attacker could overflow a buffer and execute arbitrary code. Authors: - aushack <
CVSS scores for CVE-2006-2926
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-2926
-
http://www.vupen.com/english/advisories/2006/2182
-
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046649.html
-
http://securitytracker.com/id?1016239
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/26970
-
http://www.securityfocus.com/bid/18312
Qbik WinGate Remote HTTP Request Buffer Overflow Vulnerability
-
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046646.html
Exploit
Jump to