Sophos ES1000 Email Security Appliance delivers protection against spam, viruses, Trojans, spyware and other malware. Sophos's award-winning anti-virus engine detects all types of malware in a single, high-speed scan.
During an audit of Sophos ES1000 Email Security Appliance, a Cross Site Scripting
vulnerability was discovered in its web administration interface. Lack of input validation for 'error' and 'go' parameters of the 'Login' script can be exploited by a malicious user to steal Sophos ES1000 Email Security Appliance administrator credentials, and shut down the appliance, or change its configuration.

McAfee E-Business Server guards sensitive corporate data with industry-standard PGP 128-bit encryption and authentication. McAfee E-Business Server supports a variety of platforms and security certificates.
During an audit of McAfee E-Business Server, we have discovered a vulnerability in the administration interface (TCP port 1718).
It is possible to crash McAfee E-Business Server during the authentication process.
McAfee further researched the vulnerability and confirmed that it also allows an attacker to execute code remotely.

Enterprise Security Analyzer (ESA) from eIQnetworks (http://www.eIQnetworks.com) is a Security Information Management (SIM) solution that provides security intelligence across the enterprise.
During an audit of Enterprise Security Analyzer, multiple remote buffer overflows have been discovered in the ESA server (TCP port 10616).
Specially crafted ESA requests can lead to various stack and heap overflows.

During security analysis of POP3 protocol in various e-mail server software products INFIGO IS research team discovered a critical vulnerability in the MDaemon e-mail server software.
After successful exploitation, remote attacker can take complete control of the vulnerable e-mail server. Nature of the e-mail and POP3 protocol which are often accessible not only form internal network, but from the Internet furthermore increases severity of the problem.
With assistance of INFIGO IS, the vendor has released a new version of MDaemon e-mail server which eliminates the vulnerability.

Infigo IS released a simple GUI FTP fuzzer which can be downloaded from http://www.infigo.hr/en/in_focus/tools. An announcement which was posted to the multiple security groups included overview of several vulnerabilities discovered with the Fuzzer.
This advisory is published due to some misinterpretations in further reposts discussing vulnerabilities discovered.
Vulnerabilities described in this advisory were found in the following FTP server software products:
- ArgoSoft FTP Server
- Golden FTP Server
- Filezilla
- War FTP Daemon
- Guild FTP Server