CVE-2006-4000 – Barracuda Spam Firewall 3.3.x - 'preview_email.cgi?file' Arbitrary File Access
https://notcve.org/view.php?id=CVE-2006-4000
Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
• https://www.exploit-db.com/exploits/28321
• http://secunia.com/advisories/21258
• http://www.securityfocus.com/archive/1/441861/100/0/threaded
• http://www.securityfocus.com/bid/19276
• http://www.vupen.com/english/advisories/2006/3104
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28214
CVE-2006-4001
https://notcve.org/view.php?id=CVE-2006-4001
Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.
• http://secunia.com/advisories/21258
• http://www.securityfocus.com/archive/1/441857/100/0/threaded
• http://www.securityfocus.com/archive/1/442039/100/0/threaded
• http://www.securityfocus.com/bid/19276
• http://www.vupen.com/english/advisories/2006/3104
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28213