CVE-2006-4000

EXPLOITED

Barracuda Networks Barracuda Spam Firewall - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Greg Sinclair · perlwebappscgi

https://www.exploit-db.com/exploits/28321

View Code ZIP pw:eip

References (5)

[Exploit] http://www.securityfocus.com/bid/19276

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28214

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/441861/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/21258

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3104

Scores

EPSS 0.0401

EPSS Percentile 88.5%

Details

VulnCheck KEV 2019-12-13

Status published

Products (3)

barracuda_networks/barracuda_spam_firewall 3.3.01.001

barracuda_networks/barracuda_spam_firewall 3.3.03.053

barracuda_networks/barracuda_spam_firewall 3.3.03.055

Published Aug 05, 2006

Tracked Since Feb 18, 2026