CVE-2006-4082
https://notcve.org/view.php?id=CVE-2006-4082
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. Barracuda Spam Firewall (BSF), posiblemente 3.3.03.053, contiene una contraseña fija para la cuenta de administración para accesos desde 127.0.0.1 (localhost), lo cual permite a usuarios locales obtener privilegios. • http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0110.html http://secunia.com/advisories/21258 http://securityreason.com/securityalert/1363 http://www.kb.cert.org/vuls/id/199348 http://www.osvdb.org/29780 http://www.securityfocus.com/archive/1/442249/100/0/threaded http://www.securityfocus.com/bid/19276 https://exchange.xforce.ibmcloud.com/vulnerabilities/28235 •
CVE-2006-4000 – Barracuda Spam Firewall 3.3.x - 'preview_email.cgi?file' Arbitrary File Access
https://notcve.org/view.php?id=CVE-2006-4000
Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. Vulnerabilidad de salto de directorio en cgi-bin/preview_email.cgi en Barracuda Spam Firewall (BSF) 3.3.01.001 hasta la 3.3.03.053 permite a usuarios remotos validados leer archivos de su elección a través de la secuencia ..(punto punto) en el parámetro file. • https://www.exploit-db.com/exploits/28321 http://secunia.com/advisories/21258 http://www.securityfocus.com/archive/1/441861/100/0/threaded http://www.securityfocus.com/bid/19276 http://www.vupen.com/english/advisories/2006/3104 https://exchange.xforce.ibmcloud.com/vulnerabilities/28214 •
CVE-2006-4001
https://notcve.org/view.php?id=CVE-2006-4001
Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password. Login.pm en Barracuda Spam Firewall (BSF) 3.3.01.001 hasta la 3.3.03.053 contiene un cosntraseña fuertemente codificada para la cuenta de invitado, lo cual permite que atacantes remotos puedan leer información sensible como el log del e-mail, y posiblemente los contenidos del e-mail y la contraseña de admin. • http://secunia.com/advisories/21258 http://www.securityfocus.com/archive/1/441857/100/0/threaded http://www.securityfocus.com/archive/1/442039/100/0/threaded http://www.securityfocus.com/bid/19276 http://www.vupen.com/english/advisories/2006/3104 https://exchange.xforce.ibmcloud.com/vulnerabilities/28213 •
CVE-2005-2848 – Barracuda Spam Firewall < 3.1.18 - Command Execution
https://notcve.org/view.php?id=CVE-2005-2848
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. • https://www.exploit-db.com/exploits/1236 http://marc.info/?l=bugtraq&m=112560044813390&w=2 http://secunia.com/advisories/16683 http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1 http://www.securityfocus.com/bid/14710 http://www.securitytracker.com/alerts/2005/Sep/1014837.html https://exchange.xforce.ibmcloud.com/vulnerabilities/22120 •
CVE-2005-2847 – Barracuda - IMG.pl Remote Command Execution
https://notcve.org/view.php?id=CVE-2005-2847
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. • https://www.exploit-db.com/exploits/16893 https://www.exploit-db.com/exploits/1236 http://marc.info/?l=bugtraq&m=112560044813390&w=2 http://secunia.com/advisories/16683 http://www.securityfocus.com/bid/14712 http://www.securitytracker.com/alerts/2005/Sep/1014837.html http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1 http://www.nessus.org/plugins/index.php?view=single&id=19556 •