McAfee E-Business Server guards sensitive corporate data with industry-standard PGP 128-bit encryption and authentication. McAfee E-Business Server supports a variety of platforms and security certificates.
During an audit of McAfee E-Business Server, we have discovered a vulnerability in the administration interface (TCP port 1718).
It is possible to crash McAfee E-Business Server during the authentication process.
McAfee further researched the vulnerability and confirmed that it also allows an attacker to execute code remotely.

Enterprise Security Analyzer (ESA) from eIQnetworks (http://www.eIQnetworks.com) is a Security Information Management (SIM) solution that provides security intelligence across the enterprise.
During an audit of Enterprise Security Analyzer, multiple remote buffer overflows have been discovered in the ESA server (TCP port 10616).
Specially crafted ESA requests can lead to various stack and heap overflows.

During security analysis of POP3 protocol in various e-mail server software products INFIGO IS research team discovered a critical vulnerability in the MDaemon e-mail server software.
After successful exploitation, remote attacker can take complete control of the vulnerable e-mail server. Nature of the e-mail and POP3 protocol which are often accessible not only form internal network, but from the Internet furthermore increases severity of the problem.
With assistance of INFIGO IS, the vendor has released a new version of MDaemon e-mail server which eliminates the vulnerability.

Infigo IS released a simple GUI FTP fuzzer which can be downloaded from http://www.infigo.hr/en/in_focus/tools. An announcement which was posted to the multiple security groups included overview of several vulnerabilities discovered with the Fuzzer.
This advisory is published due to some misinterpretations in further reposts discussing vulnerabilities discovered.
Vulnerabilities described in this advisory were found in the following FTP server software products:
- ArgoSoft FTP Server
- Golden FTP Server
- Filezilla
- War FTP Daemon
- Guild FTP Server

The INFIGO IS research team audited the PHP interpreter code and more than 20 vulnerabilities in PHP4 and PHP5 have been discovered. Most of them have been reported and fixed.
However, several vulnerabilities are still present in current PHP 4 and PHP 5 versions. During the last two months the vendor has been contacted several times but no official response has been received. At the moment no official patches are available.