VYPR

Barracuda Spam Firewall

by Barracuda Networks

CVEs (15)

  • CVE-2005-2847Sep 8, 2005
    risk 0.07cvss epss 0.53

    img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.

  • CVE-2007-1669May 9, 2007
    risk 0.04cvss epss 0.12

    zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a…

  • CVE-2005-2848Sep 8, 2005
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.

  • CVE-2008-1094Dec 19, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the…

  • CVE-2008-2333May 23, 2008
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

  • CVE-2006-4081Aug 11, 2006
    risk 0.03cvss epss 0.04

    preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.

  • CVE-2006-4000Aug 5, 2006
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.

  • CVE-2004-0234Aug 18, 2004
    risk 0.01cvss epss 0.10

    Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the…

  • CVE-2008-0971Dec 19, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject…

  • CVE-2007-5058Sep 24, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the…

  • CVE-2007-1673May 9, 2007
    risk 0.00cvss epss 0.03

    unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

  • CVE-2006-4082Aug 11, 2006
    risk 0.00cvss epss 0.00

    Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.

  • CVE-2006-4001Aug 5, 2006
    risk 0.00cvss epss 0.02

    Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.

  • CVE-2005-2849Sep 8, 2005
    risk 0.00cvss epss 0.01

    Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi)…

  • CVE-2005-0431May 2, 2005
    risk 0.00cvss epss 0.01

    Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam.