Vulnerabilities > Barracuda Networks > Barracuda Spam Firewall > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-19 | CVE-2008-1094 | SQL Injection vulnerability in Barracuda Networks Barracuda Spam Firewall SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter. | 6.5 |
| 2008-05-23 | CVE-2008-2333 | Cross-Site Scripting vulnerability in Barracuda Networks Barracuda Spam Firewall Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | 4.3 |
| 2007-09-24 | CVE-2007-5058 | Cross-Site Scripting vulnerability in Barracuda Networks Barracuda Spam Firewall Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open. | 4.3 |
| 2006-08-05 | CVE-2006-4000 | Multiple vulnerability in Barracuda Networks Spam Firewall 3.3.01.001/3.3.03.053/3.3.03.055 Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. | 4.0 |
| 2005-09-08 | CVE-2005-2849 | Remote Security vulnerability in Barracuda Networks Barracuda Spam Firewall 3.1.16/3.1.17 Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump. | 6.4 |
| 2005-09-08 | CVE-2005-2848 | Remote Directory Traversal vulnerability in Barracuda Networks Barracuda Spam Firewall 3.1.16/3.1.17 Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. | 5.0 |