CVE-2007-6314

BarracudaDrive Web Server <3.8 - Info Disclosure

Title source: llm

Description

BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.

Exploits (1)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/4713

View on exploitdb

References (6)

[Exploit] http://aluigi.altervista.org/adv/barradrive-adv.txt

[Vendor Advisory] http://secunia.com/advisories/28032

[Exploit, Patch] http://www.securityfocus.com/bid/26805

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/38972

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484833/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/3434

Scores

EPSS 0.0793

EPSS Percentile 91.9%

Classification

CWE

CWE-20

Status draft

Affected Products (2)

real_time_logic/barracudadrive_web_server

real_time_logic/barracudadrive_web_server_home_server

Timeline

Published Dec 12, 2007

Tracked Since Feb 18, 2026