Published: 19/12/2008 Updated: 11/10/2018

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) prior to 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
barracuda networks barracuda spam firewall

CVE Number: CVE-2008-1094 Vulnerability: SQL Injection Risk: Medium Attack vector: From Remote Vulnerability Discovered: 16th June 2008 Vendor Notified: 16th June 2008 Advisory Released: 15th December 2008 Abstract Barracuda Networks Spam Firewall is vulnerable to various SQL Injection attacks When exploited by an authenticated user, the ide ...

The Barracuda Networks Spam Firewall is vulnerable to various remote SQL injection attacks ...

CWE-89 http://www.barracudanetworks.com/ns/support/tech_alert.php http://securitytracker.com/id?1021455 http://secunia.com/advisories/33164 http://dcsl.ul.ie/advisories/02.htm http://securityreason.com/securityalert/4793 https://www.exploit-db.com/exploits/7496 http://www.securityfocus.com/archive/1/499293/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/7496/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1094

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect