Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Barracuda_spam_firewall
(Barracuda_networks)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-09-24 | CVE-2007-5058 | Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open. | Barracuda_spam_firewall | N/A | ||
| 2007-05-08 | CVE-2007-1673 | unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | Amavis, Avast_antivirus, Avast_antivirus_home, Avast_antivirus_professional, Antivir, Antivir_personal, Barracuda_spam_firewall, Panda_antivirus, Panda_antivirus_and_firewall, Picozip, Zoo, Unzoo, Winace | N/A | ||
| 2006-08-11 | CVE-2006-4082 | Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. | Barracuda_spam_firewall | N/A | ||
| 2006-08-11 | CVE-2006-4081 | preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000. | Barracuda_spam_firewall | N/A | ||
| 2006-08-04 | CVE-2006-4001 | Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password. | Barracuda_spam_firewall | N/A | ||
| 2006-08-04 | CVE-2006-4000 | Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | Barracuda_spam_firewall | N/A | ||
| 2005-09-08 | CVE-2005-2849 | Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump. | Barracuda_spam_firewall | N/A | ||
| 2005-09-08 | CVE-2005-2848 | Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | Barracuda_spam_firewall | N/A | ||
| 2005-09-08 | CVE-2005-2847 | img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. | Barracuda_spam_firewall | N/A | ||
| 2005-05-02 | CVE-2005-0431 | Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam. | Barracuda_spam_firewall | N/A |