CVE-2006-4081 – Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-4081
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
• https://www.exploit-db.com/exploits/2136
• https://www.exploit-db.com/exploits/2145
• http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0110.html
• http://secunia.com/advisories/21258
• http://securityreason.com/securityalert/1363
• http://www.securityfocus.com/archive/1/442132/100/0/threaded
• http://www.securityfocus.com/archive/1/442249/100/0/threaded
• http://www.securityfocus.com/bid/19276
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28234
CVE-2006-4000 – Barracuda Spam Firewall 3.3.x - 'preview_email.cgi?file' Arbitrary File Access
https://notcve.org/view.php?id=CVE-2006-4000
Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
• https://www.exploit-db.com/exploits/28321
• http://secunia.com/advisories/21258
• http://www.securityfocus.com/archive/1/441861/100/0/threaded
• http://www.securityfocus.com/bid/19276
• http://www.vupen.com/english/advisories/2006/3104
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28214
CVE-2006-4001
https://notcve.org/view.php?id=CVE-2006-4001
Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.
• http://secunia.com/advisories/21258
• http://www.securityfocus.com/archive/1/441857/100/0/threaded
• http://www.securityfocus.com/archive/1/442039/100/0/threaded
• http://www.securityfocus.com/bid/19276
• http://www.vupen.com/english/advisories/2006/3104
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28213