October last year, I had a quick look at the Octogate UTM (virtual) Appliance, which is an Application Firewall, Deep Inspection Firewall, Intrusion Detection and Prevention device for SMB.
Because of limited spare time, I stopped after I discovered the first vulnerability. In this case, I was able to access all configuration files and scripts, inside and outside of the webroot, with the privileges of the httpd, without authentication.
Today, after approx 10 month, I decided to clean up my HDD, and to publish an Advisory, which you can find here: http://www.oliverkarow.de/research/octogate.txt
One little step into a more secure world đ