Barracuda Networks » Barracuda Spam Firewall : Security Vulnerabilities, CVEs, CVSS score >= 5
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.
Max CVSS: 6.5; EPSS Score: 0.17%; Published: 2008-12-19; Updated: 2018-10-11
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
Max CVSS: 7.8; EPSS Score: 4.11%; Published: 2007-05-09; Updated: 2018-10-16
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.
Max CVSS: 7.2; EPSS Score: 0.06%; Published: 2006-08-11; Updated: 2018-10-17
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
Max CVSS: 7.5; EPSS Score: 13.40%; Published: 2006-08-11; Updated: 2018-10-17
Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.
Max CVSS: 7.5; EPSS Score: 1.88%; Published: 2006-08-05; Updated: 2018-10-17
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump.
Max CVSS: 6.4; EPSS Score: 0.34%; Published: 2005-09-08; Updated: 2016-10-18
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
Max CVSS: 5.0; EPSS Score: 46.79%; Published: 2005-09-08; Updated: 2017-07-11
CVE-2005-2847
Public exploit
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
Max CVSS: 7.5; EPSS Score: 97.03%; Published: 2005-09-08; Updated: 2016-10-18
Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam.
Max CVSS: 7.5; EPSS Score: 0.40%; Published: 2005-05-02; Updated: 2017-07-11
9 vulnerabilities found