CVE-2014-8426
https://notcve.org/view.php?id=CVE-2014-8426
Hard-coded weak credentials in Barracuda Load Balancer 5.0.0.015.
• http://packetstormsecurity.com/files/130027/Barracuda-Load-Balancer-ADC-Key-Recovery-Password-Reset.html http://seclists.org/fulldisclosure/2015/Jan/76
• CWE-798: Use of Hard-coded Credentials
CVE-2014-8428
https://notcve.org/view.php?id=CVE-2014-8428
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.
• http://packetstormsecurity.com/files/130027/Barracuda-Load-Balancer-ADC-Key-Recovery-Password-Reset.html http://seclists.org/fulldisclosure/2015/Jan/76
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-2595 – Barracuda Web Application Firewall - Authentication Bypass
https://notcve.org/view.php?id=CVE-2014-2595
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. It is possible to re-use a link which includes a non-expiring authentication token in the query string to gain access to the interface of the Barracuda Web Application Firewall (WAF) firmware version 7.8.1.013.
• https://www.exploit-db.com/exploits/39278 http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html http://seclists.org/fulldisclosure/2014/Aug/5 http://www.osvdb.org/109782 https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595 https://www.securityfocus.com/bid/69028
• CWE-613: Insufficient Session Expiration
CVE-2008-0971 – Barracuda Message Archiver
https://notcve.org/view.php?id=CVE-2008-0971
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter. The Barracuda Networks Message Archiver product is vulnerable to persistent and reflected cross-site scripting attacks.
• http://dcsl.ul.ie/advisories/03.htm http://secunia.com/advisories/33164 http://securityreason.com/securityalert/4792 http://securitytracker.com/id?1021454 http://www.barracudanetworks.com/ns/support/tech_alert.php http://www.osvdb.org/50709 http://www.securityfocus.com/archive/1/499294/100/0/threaded
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-1094 – Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-1094
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter. The Barracuda Networks Spam Firewall is vulnerable to various remote SQL injection attacks.
• https://www.exploit-db.com/exploits/7496 http://dcsl.ul.ie/advisories/02.htm http://secunia.com/advisories/33164 http://securityreason.com/securityalert/4793 http://securitytracker.com/id?1021455 http://www.barracudanetworks.com/ns/support/tech_alert.php http://www.securityfocus.com/archive/1/499293/100/0/threaded
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')