CVE-2006-4081

Barracuda Spam Firewall (BSF) <3.3.03.053 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-4081. PoCs published by PATz, Greg Sinclair.

AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in Barracuda Spam Firewall to disclose arbitrary files and execute system commands via the `preview_email.cgi` script. The PoC demonstrates command injection and file disclosure without authentication.

Description

preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.

Exploits (2)

exploitdb WORKING POC VERIFIED
by PATz · textremotehardware
https://www.exploit-db.com/exploits/2145

This exploit leverages a path traversal vulnerability in Barracuda Spam Firewall to disclose arbitrary files and execute system commands via the `preview_email.cgi` script. The PoC demonstrates command injection and file disclosure without authentication.

Classification
Working Poc 95%
Attack Type
Rce | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Greg Sinclair · textremotehardware
https://www.exploit-db.com/exploits/2136

This exploit demonstrates arbitrary file disclosure and command execution in Barracuda Spam Firewall via improper parameter sanitation in the preview_email.cgi script. It leverages directory traversal to access sensitive files and execute commands.

Classification
Working Poc 95%
Attack Type
Info Leak | Rce
Complexity
Trivial
Reliability
Reliable
Target: Barracuda Spam Firewall versions 3.3.01.001 to 3.3.03.053
Auth required
Prerequisites: Access to the Barracuda web interface · Valid user credentials or exploitation of the hardcoded guest password vulnerability
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21258
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19276
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28234
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442132/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442249/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1363
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0110.html

Scores

EPSS 0.0420
EPSS Percentile 89.7%

Details

Status published
Products (2)
barracuda_networks/barracuda_spam_firewall 3.3.01.001
barracuda_networks/barracuda_spam_firewall 3.3.03.053
Published Aug 11, 2006
Tracked Since Feb 18, 2026