Vulnerabilities > Barracuda Networks > Barracuda Spam Firewall

DATE CVE VULNERABILITY TITLE RISK
2008-12-19 CVE-2008-1094 SQL Injection vulnerability in Barracuda Networks Barracuda Spam Firewall
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.
network
low complexity
barracuda-networks CWE-89
6.5
2008-12-19 CVE-2008-0971 Cross-Site Scripting vulnerability in Barracuda Networks products
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter.
3.5
2008-05-23 CVE-2008-2333 Cross-Site Scripting vulnerability in Barracuda Networks Barracuda Spam Firewall
Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
4.3
2007-09-24 CVE-2007-5058 Cross-Site Scripting vulnerability in Barracuda Networks Barracuda Spam Firewall
Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open.
4.3
2007-05-09 CVE-2007-1673 Resource Management Errors vulnerability in multiple products
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
7.8
2007-05-09 CVE-2007-1669 Remote Denial of Service vulnerability in Multiple Vendors Zoo Compression Algorithm
zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
network
low complexity
barracuda-networks amavis
7.8
2006-08-11 CVE-2006-4082 Local Security vulnerability in Barracuda Networks Barracuda Spam Firewall 3.3.03.053
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.
local
low complexity
barracuda-networks
7.2
2006-08-11 CVE-2006-4081 Multiple vulnerability in Barracuda Networks Spam Firewall 3.3.01.001/3.3.03.053
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter.
network
low complexity
barracuda-networks
7.5
2006-08-05 CVE-2006-4001 Multiple vulnerability in Barracuda Networks Spam Firewall 3.3.01.001/3.3.03.053/3.3.03.055
Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.
network
low complexity
barracuda-networks
7.5
2006-08-05 CVE-2006-4000 Multiple vulnerability in Barracuda Networks Spam Firewall 3.3.01.001/3.3.03.053/3.3.03.055
Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a ..
network
low complexity
barracuda-networks
4.0