CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0971 – Barracuda Message Archiver
https://notcve.org/view.php?id=CVE-2008-0971
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en index.cgi en Barracuda Spam Firewall (BSF) anterior a 3.5.12.007, Message Archiver anterior a 1.2.1.002, Web Filter anterior a 3.3.0.052, IM Firewall anterior a 3.1.01.017, y Load Balancer anterior a 2.3.024 permiten a atacantes remotos inyectar HTML o secuencias de comandos web arbitrarias a través de: (1) El campo nombre de política en la opción Buscar Política de Retención en Message Archiver Y a través de parámetros sin especificar en el (2) la configuración de la IP, (3) Administración (4), Journal Accounts (5), política de retención, y (6) Componentes GroupWise Sync en Message Archiver También a través de (7) la introducción de datos en operaciones de búsqueda en Web Filter, y (8) la entrada utilizada en los mensajes de error y (9) en los elementos INPUT escondidos en (a) Spam Firewall, (b) IM Firewall, y (c) Web Filter. The Barracuda Networks Message Archiver product is vulnerable to persistent and reflect cross site scripting attacks. • http://dcsl.ul.ie/advisories/03.htm http://secunia.com/advisories/33164 http://securityreason.com/securityalert/4792 http://securitytracker.com/id?1021454 http://www.barracudanetworks.com/ns/support/tech_alert.php http://www.osvdb.org/50709 http://www.securityfocus.com/archive/1/499294/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1094 – Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-1094
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter. Una vulnerabilidad de inyección SQL en index.cgi en la página de visión de cuentas en Barracuda Spam Firewall (BSF) antes de 3.5.12.007, permite a administradores remotos autenticados ejecutar comandos arbitrarios SQL a través de un parámetro pattern_x en la acción search_count_equals, como lo demuestra el parámetro pattern_0. The Barracuda Networks Spam Firewall is vulnerable to various remote SQL injection attacks. • https://www.exploit-db.com/exploits/7496 http://dcsl.ul.ie/advisories/02.htm http://secunia.com/advisories/33164 http://securityreason.com/securityalert/4793 http://securitytracker.com/id?1021455 http://www.barracudanetworks.com/ns/support/tech_alert.php http://www.securityfocus.com/archive/1/499293/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 1CVE-2008-2333 – Barracuda Spam Firewall 3.5.11 - 'ldap_test.cgi' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2333
Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados enl dap_test.cgi en Barracuda Spam Firewall (BSF) anteriores a 3.5.11.025, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro "email". The Barracuda Spam Firewall device web administration interface is vulnerable to a reflected cross site scripting vulnerability which may allow theft of administrative credentials or downloading of malicious content. IRM confirmed the presence of this vulnerability in Barracuda Spam Firewall 600 Firmware 3.5.11.020. The vendor has confirmed the issue exists in all versions prior to 3.5.11.025. • https://www.exploit-db.com/exploits/31828 http://secunia.com/advisories/30362 http://www.barracudanetworks.com/ns/support/tech_alert.php http://www.irmplc.com/index.php/168-Advisory-027 http://www.securityfocus.com/archive/1/492475/100/0/threaded http://www.securityfocus.com/bid/29340 http://www.securitytracker.com/id?1020108 http://www.vupen.com/english/advisories/2008/1627/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 4%CPEs: 1EXPL: 0CVE-2007-5058
https://notcve.org/view.php?id=CVE-2007-5058
Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open. Una vulnerabilidad de tipo cross-site scripting (XSS) en la interfaz de administración Web en Barracuda Spam Firewall versiones de firmware anteriores a 3.5.10.016, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo username en un intento de inicio de sesión, que no es manejado apropiadamente cuando la pantalla Monitor Web Syslog está abierta. • http://osvdb.org/38156 http://secunia.com/advisories/26937 http://securityreason.com/securityalert/3164 http://www.barracudanetworks.com/ns/support/tech_alert.php http://www.infobyte.com.ar/adv/ISR-15.html http://www.securityfocus.com/archive/1/480238/100/0/threaded http://www.securityfocus.com/bid/25757 http://www.securitytracker.com/id?1018733 http://www.vupen.com/english/advisories/2007/3257 https://exchange.xforce.ibmcloud.com/vulnerabilities/36716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 14%CPEs: 10EXPL: 2CVE-2007-1669 – ZOO - '.ZOO' Decompression Infinite Loop Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-1669
zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. zoo decoder versión 2.10 (zoo-2.10), tal como se utiliza en múltiples productos, incluyendo (1) Barracuda Spam Firewall versión 3.4 y posterior con virusdef anterior a la versión 2.0.6399, (2) Spam Firewall anterior a la versión 3.4 20070319 con virusdef anterior a 2.0.6399o, y (3) AmaViS versión 2.4.1 y anteriores, permite a atacantes remotos generar una denegación de servicio (bucle infinito) por medio del componente ZOO Archive con una estructura direntry que apunta hacia un archivo anterior. • https://www.exploit-db.com/exploits/3851 http://secunia.com/advisories/25122 http://secunia.com/advisories/25315 http://securityreason.com/securityalert/2680 http://www.amavis.org/security/asa-2007-2.txt http://www.attrition.org/pipermail/vim/2007-July/001725.html http://www.osvdb.org/35795 http://www.securityfocus.com/archive/1/467646/100/0/threaded http://www.securityfocus.com/bid/23823 http://www.vupen.com/english/advisories/2007/1699 https://exchange.xforce.ibmcl •