Barracuda Spam Firewall

barracuda_spam_firewall

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-1094 1Barracuda Networks 1Barracuda Spam Firewall Apr 23, 2026 Dec 19, 2008 N/A· v4 N/A· v3 6.5 MEDIUM· v2 SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter...Show more SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.Show less
CVE-2008-0971 1Barracuda Networks 5Barracuda Im Firewall Barracuda Load BalancerBarracuda Message Archiver+2 more Apr 23, 2026 Dec 19, 2008 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load...Show more Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter.Show less
CVE-2008-2333 1Barracuda Networks 1Barracuda Spam Firewall Apr 23, 2026 May 23, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2007-5058 1Barracuda Networks 1Barracuda Spam Firewall Apr 23, 2026 Sep 24, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in...Show more Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open.Show less
CVE-2007-1673 9Amavis Avas!tAvira+6 more 13Amavis AntivirAntivir Personal+10 more Apr 23, 2026 May 9, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
CVE-2006-4082 1Barracuda Networks 1Barracuda Spam Firewall Apr 16, 2026 Aug 11, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.
CVE-2006-4081 1Barracuda Networks 1Barracuda Spam Firewall Apr 16, 2026 Aug 11, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("\|" pipe symbol) in the file parameter. NOTE: the attack can be exte...Show more preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("\|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.Show less
CVE-2006-4001 1Barracuda Networks 1Barracuda Spam Firewall Apr 16, 2026 Aug 5, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly...Show more Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.Show less
CVE-2006-4000 1Barracuda Networks 1Barracuda Spam Firewall Apr 16, 2026 Aug 5, 2006 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file param...Show more Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.Show less
CVE-2005-2849 1Barracuda Networks 1Barracuda Spam Firewall Apr 16, 2026 Sep 8, 2005 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file exi...Show more Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump.Show less
CVE-2005-2848 1Barracuda Networks 1Barracuda Spam Firewall Apr 16, 2026 Sep 8, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
CVE-2005-2847 1Barracuda Networks 1Barracuda Spam Firewall Apr 16, 2026 Sep 8, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
CVE-2005-0431 1Barracuda Networks 1Barracuda Spam Firewall Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam.