CVE-2008-2333 – Barracuda Spam Firewall 3.5.11 - 'ldap_test.cgi' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2333
Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter. The Barracuda Spam Firewall device web administration interface is vulnerable to a reflected cross-site scripting vulnerability which may allow theft of administrative credentials or downloading of malicious content. IRM confirmed the presence of this vulnerability in Barracuda Spam Firewall 600 Firmware 3.5.11.020. The vendor has confirmed the issue exists in all versions prior to 3.5.11.025.
References:
https://www.exploit-db.com/exploits/31828
http://secunia.com/advisories/30362
http://www.barracudanetworks.com/ns/support/tech_alert.php
http://www.irmplc.com/index.php/168-Advisory-027
http://www.securityfocus.com/archive/1/492475/100/0/threaded
http://www.securityfocus.com/bid/29340
http://www.securitytracker.com/id?1020108
http://www.vupen.com/english/advisories/2008/1627/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42594
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5058
https://notcve.org/view.php?id=CVE-2007-5058
Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open.
References:
http://osvdb.org/38156
http://secunia.com/advisories/26937
http://securityreason.com/securityalert/3164
http://www.barracudanetworks.com/ns/support/tech_alert.php
http://www.infobyte.com.ar/adv/ISR-15.html
http://www.securityfocus.com/archive/1/480238/100/0/threaded
http://www.securityfocus.com/bid/25757
http://www.securitytracker.com/id?1018733
http://www.vupen.com/english/advisories/2007/3257
https://exchange.xforce.ibmcloud.com/vulnerabilities/36716
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-1673
https://notcve.org/view.php?id=CVE-2007-1673
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
References:
http://osvdb.org/36208
http://secunia.com/advisories/25315
http://securityreason.com/securityalert/2680
http://www.amavis.org/security/asa-2007-2.txt
http://www.securityfocus.com/archive/1/467646/100/0/threaded
http://www.securityfocus.com/bid/23823
https://exchange.xforce.ibmcloud.com/vulnerabilities/34080
CWE-399: Resource Management Errors
CVE-2007-1669 – ZOO - '.ZOO' Decompression Infinite Loop Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-1669
zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
References:
https://www.exploit-db.com/exploits/3851
http://secunia.com/advisories/25122
http://secunia.com/advisories/25315
http://securityreason.com/securityalert/2680
http://www.amavis.org/security/asa-2007-2.txt
http://www.attrition.org/pipermail/vim/2007-July/001725.html
http://www.osvdb.org/35795
http://www.securityfocus.com/archive/1/467646/100/0/threaded
http://www.securityfocus.com/bid/23823
http://www.vupen.com/english/advisories/2007/1699
https://exchange.xforce.ibmcl
CVE-2006-4081 – Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-4081
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
References:
https://www.exploit-db.com/exploits/2136
https://www.exploit-db.com/exploits/2145
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0110.html
http://secunia.com/advisories/21258
http://securityreason.com/securityalert/1363
http://www.securityfocus.com/archive/1/442132/100/0/threaded
http://www.securityfocus.com/archive/1/442249/100/0/threaded
http://www.securityfocus.com/bid/19276
https://exchange.xforce.ibmcloud.com/vulnerabilities/28234