CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0971
https://notcve.org/view.php?id=CVE-2008-0971
19 Dec 2008 — Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (... • http://dcsl.ul.ie/advisories/03.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1094 – Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-1094
19 Dec 2008 — SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter. Una vulnerabilidad de inyección SQL en index.cgi en la página de visión de cuentas en Barracuda Spam Firewall (BSF) antes de 3.5.12.007, permite a administradores remotos autenticados ejecutar comandos arbitrarios S... • https://www.exploit-db.com/exploits/7496 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 1CVE-2008-2333 – Barracuda Spam Firewall 3.5.11 - 'ldap_test.cgi' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2333
23 May 2008 — Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados enl dap_test.cgi en Barracuda Spam Firewall (BSF) anteriores a 3.5.11.025, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro "email". • https://www.exploit-db.com/exploits/31828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5058
https://notcve.org/view.php?id=CVE-2007-5058
24 Sep 2007 — Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open. Una vulnerabilidad de tipo cross-site scripting (XSS) en la interfaz de administración Web en Barracuda Spam Firewall versiones de firmware anteriores a 3.5.10.016, permite a atacantes remotos inyectar... • http://osvdb.org/38156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 59EXPL: 1CVE-2007-1673
https://notcve.org/view.php?id=CVE-2007-1673
09 May 2007 — unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. El archivo unzoo.c, tal como se utiliza en varios productos, incluyendo AMaViS versión 2.4.1 y anteriores, permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de un archivo ZOO con una estructura direntry que apunta hacia un archivo anterior. • http://osvdb.org/36208 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 15%CPEs: 10EXPL: 2CVE-2007-1669 – ZOO - '.ZOO' Decompression Infinite Loop Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-1669
09 May 2007 — zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. zoo decoder versión 2.10 (zoo-2.10), tal como se utiliza en múltiples productos, incluyendo (1) Barracuda Spam Firewall ve... • https://www.exploit-db.com/exploits/3851 •
CVSS: 9.8EPSS: 11%CPEs: 2EXPL: 2CVE-2006-4081 – Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-4081
11 Aug 2006 — preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000. preview_email.cgi en Barracuda Spam Firewall (BSF) 3.3.01.001 hasta 3.3.03.053 permite a atacantes remotos ejecutar comandos mediante metacaracteres de línea de comandos ("|" símbolo de tubería) en el parámetro file. NOTA: el ataque... • https://www.exploit-db.com/exploits/2136 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4082
https://notcve.org/view.php?id=CVE-2006-4082
11 Aug 2006 — Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. Barracuda Spam Firewall (BSF), posiblemente 3.3.03.053, contiene una contraseña fija para la cuenta de administración para accesos desde 127.0.0.1 (localhost), lo cual permite a usuarios locales obtener privilegios. • http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0110.html •
CVSS: 6.5EPSS: 4%CPEs: 3EXPL: 2CVE-2006-4000 – Barracuda Spam Firewall 3.3.x - 'preview_email.cgi?file' Arbitrary File Access
https://notcve.org/view.php?id=CVE-2006-4000
05 Aug 2006 — Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. Vulnerabilidad de salto de directorio en cgi-bin/preview_email.cgi en Barracuda Spam Firewall (BSF) 3.3.01.001 hasta la 3.3.03.053 permite a usuarios remotos validados leer archivos de su elección a través de la secuencia ..(punto punto) en el parámetro file. • https://www.exploit-db.com/exploits/28321 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2006-4001
https://notcve.org/view.php?id=CVE-2006-4001
05 Aug 2006 — Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password. Login.pm en Barracuda Spam Firewall (BSF) 3.3.01.001 hasta la 3.3.03.053 contiene un cosntraseña fuertemente codificada para la cuenta de invitado, lo cual permite que atacantes remotos puedan leer información sensible como el log del e-mail, y posible... • http://secunia.com/advisories/21258 •