Published: 11/08/2006 Updated: 17/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 up to and including 3.3.03.053 allows remote malicious users to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.

Vulnerable Product	Search on Vulmon	Subscribe to Product
barracuda networks barracuda spam firewall 3.3.01.001
barracuda networks barracuda spam firewall 3.3.03.053

Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High (Sensitive Information Disclosure) Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3301001 to 3303053 Discovered by: Greg Sinclair Credits: Matthew Hall Update: 07 August 2006 Updated by: PATz ################################################ ...

Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High (Sensitive Information Disclosure) Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3301001 to 3303053 Discovered by: Greg Sinclair (gssincla@nnlsoftwarecom) Discovered on: 29 May 2006 Overview: Barracuda Spam Firewalls (wwwbarracudanetwork ...

NVD-CWE-Other http://secunia.com/advisories/21258 http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0110.html http://www.securityfocus.com/bid/19276 http://securityreason.com/securityalert/1363 https://exchange.xforce.ibmcloud.com/vulnerabilities/28234 http://www.securityfocus.com/archive/1/442249/100/0/threaded http://www.securityfocus.com/archive/1/442132/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/2145/

CVE-2006-4081

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect