Barracuda Networks » Barracuda Spam Firewall : Security Vulnerabilities, CVEs, Published In 2006
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.
Max CVSS
7.2
EPSS Score
0.06%
Published
2006-08-11
Updated
2018-10-17
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
Max CVSS
7.5
EPSS Score
13.40%
Published
2006-08-11
Updated
2018-10-17
Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.
Max CVSS
7.5
EPSS Score
1.88%
Published
2006-08-05
Updated
2018-10-17
Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
Max CVSS
4.0
EPSS Score
1.05%
Published
2006-08-05
Updated
2018-10-17
4 vulnerabilities found