Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4081

5 documents4 sources
Severity
7.5HIGH
EPSS
18.5%
top 4.76%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Barracuda Networks Barracuda Spam Firewall
Timeline
PublishedAug 11
Latest updateMay 1

Description

preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDbarracuda_networks/barracuda_spam_firewall3.3.01.001, 3.3.03.053+1

🔴Vulnerability Details

2
GHSA
GHSA-c7vp-rjm4-r724: preview_email2022-05-01
CVEList
CVE-2006-4081: preview_email2006-08-11

💥Exploits & PoCs

2
Exploit-DB
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (2)2006-08-08
Exploit-DB
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1)2006-08-07
CVE-2006-4081 (HIGH CVSS 7.5) | preview_email.cgi in Barracuda Spam | cvebase.io