Barracuda Networks

Barracuda Spam Firewall

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2008-1094

Exploit
  • EPSS 0.49%
  • Veröffentlicht 19.12.2008 17:30:02
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals actio...

3.5

CVE-2008-0971

  • EPSS 0.34%
  • Veröffentlicht 19.12.2008 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow...

4.3

CVE-2008-2333

  • EPSS 0.8%
  • Veröffentlicht 23.05.2008 15:32:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

4.3

CVE-2007-5058

  • EPSS 0.65%
  • Veröffentlicht 24.09.2007 22:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not ...

7.8

CVE-2007-1673

Exploit
  • EPSS 1.32%
  • Veröffentlicht 09.05.2007 01:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

7.5

CVE-2006-4081

  • EPSS 10.09%
  • Veröffentlicht 11.08.2006 10:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by ...

7.2

CVE-2006-4082

  • EPSS 0.08%
  • Veröffentlicht 11.08.2006 10:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.

4

CVE-2006-4000

Exploit
  • EPSS 4.01%
  • Veröffentlicht 05.08.2006 01:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.

7.5

CVE-2006-4001

Exploit
  • EPSS 1.41%
  • Veröffentlicht 05.08.2006 01:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin ...

7.5

CVE-2005-2847

Exploit
  • EPSS 87.05%
  • Veröffentlicht 08.09.2005 10:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.