CVE-2006-4081
Barracuda Spam Firewall (BSF) <3.3.03.053 - Command Injection
Title source: llmDescription
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by PATz · textremotehardware
https://www.exploit-db.com/exploits/2145
exploitdb
WORKING POC
VERIFIED
by Greg Sinclair · textremotehardware
https://www.exploit-db.com/exploits/2136
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21258
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19276
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28234
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442132/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442249/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1363
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0110.html
Scores
EPSS
0.1848
EPSS Percentile
95.3%
Details
Status
published
Products (2)
barracuda_networks/barracuda_spam_firewall
3.3.01.001
barracuda_networks/barracuda_spam_firewall
3.3.03.053
Published
Aug 11, 2006
Tracked Since
Feb 18, 2026