Barracuda Networks : Security Vulnerabilities, CVEs, CVSS score >= 7
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
Max CVSS
7.8
EPSS Score
4.11%
Published
2007-05-09
Updated
2018-10-16
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.
Max CVSS
7.2
EPSS Score
0.06%
Published
2006-08-11
Updated
2018-10-17
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
Max CVSS
7.5
EPSS Score
13.40%
Published
2006-08-11
Updated
2018-10-17
Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.
Max CVSS
7.5
EPSS Score
1.88%
Published
2006-08-05
Updated
2018-10-17
CVE-2005-2847
Public exploit
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
Max CVSS
7.5
EPSS Score
97.03%
Published
2005-09-08
Updated
2016-10-18
Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam.
Max CVSS
7.5
EPSS Score
0.40%
Published
2005-05-02
Updated
2017-07-11
6 vulnerabilities found