Lucene search
K

20 matches found

Packet Storm
Packet Storm
added 2026/05/20 12:0 a.m.93 views

📄 Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution

This Metasploit module exploits CVE-2023-7102, an arbitrary code execution vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the Amavis scanner processes Excel attachments using the Perl Spreadsheet::ParseExcel library. The librarys Utility.pm...

9.8CVSS8AI score0.43323EPSS
Exploits2
Metasploit
Metasploit
added 2026/05/19 7:0 p.m.275 views

Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution

This module exploits CVE-2023-7102, an arbitrary code execution vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the Amavis scanner processes Excel attachments using the Perl Spreadsheet::ParseExcel library. The library's Utility.pm contains an...

9.8CVSS8.1AI score0.43323EPSS
Exploits2
The Hacker News
The Hacker News
added 2025/09/09 12:27 a.m.4 views

45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage

Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841. "The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming...

9.8CVSS9.7AI score0.86956EPSS
Exploits3
Information Security Automation
Information Security Automation
added 2025/01/20 3:2 p.m.33 views

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies. Last year, 74 vulnerabilities were classified as trending to compare the scale, just over 40,000 were added to NVD in 2024. All trending vulnerabilities are found in Western commercial products and...

9.8CVSS9AI score0.99999EPSS
Exploits82
CISA
CISA
added 2023/08/29 12:0 p.m.13 views

CISA Releases IOCs Associated with Malicious Barracuda Activity

CISA has released additional indicators of compromise IOCs associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway ESG Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this...

9.8CVSS10AI score0.86956EPSS
In wildExploits3References6
The Hacker News
The Hacker News
added 2023/07/29 4:59 a.m.93 views

Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway ESG appliances. "SUBMARINE comprises multiple artifacts — includin...

9.8CVSS9.8AI score0.86956EPSS
Exploits3
The Hacker News
The Hacker News
added 2023/06/15 2:56 p.m.102 views

Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway

A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway ESG appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic o...

9.8CVSS9.8AI score0.86956EPSS
Exploits3
The Hacker News
The Hacker News
added 2023/06/15 2:56 p.m.5 views

Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway

A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway ESG appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic o...

9.8CVSS8AI score0.86956EPSS
Exploits3
Trellix
Trellix
added 2023/06/07 12:0 a.m.181 views

The Bug Report - May 2023 Edition

The Bug Report – May 2023 Edition By Mark Bereza · June 7, 2023 Why am I here? In the film The Number 23, Jim Carrey masterfully portrays Walter Sparrow, a man who finds himself obsessed with the number 23 after coming upon a book detailing the 23 enigma, and begins to see it everywhere he looks,...

7.2AI score0.99284EPSS
Exploits12
The Hacker News
The Hacker News
added 2023/05/31 5:25 a.m.2 views

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway ESG appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-286...

9.8CVSS7.9AI score0.86956EPSS
Exploits3
NVD
NVD
added 2023/05/24 7:15 p.m.23 views

CVE-2023-2868

A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...

9.8CVSS9.8AI score0.86956EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2023/05/24 7:15 p.m.56 views

CVE-2023-2868

A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...

9.8CVSS7.5AI score0.98975EPSS
In wildExploits22References4Affected Software1
Prion
Prion
added 2023/05/24 7:15 p.m.26 views

Command injection

A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...

7.5CVSS9.7AI score0.86956EPSS
Exploits3References2Affected Software5
Vulnrichment
Vulnrichment
added 2023/05/24 6:0 p.m.4 views

CVE-2023-2868 Remote Code injection in Barracuda Email Security Gateway

A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...

9.4CVSS7.5AI score0.86956EPSS
Exploits3References2
CVE
CVE
added 2023/05/24 6:0 p.m.1115 views

CVE-2023-2868

CVE-2023-2868 affects Barracuda Email Security Gateway (ESG) Appliance versions 5.1.3.001–9.2.0.006. It is due to incomplete sanitization of a user-supplied .tar archive, enabling remote command execution via Perl's qx with the appliance privileges. Barracuda fixed it in patch BNSF-36456 (auto-ap...

9.8CVSS9.7AI score0.86956EPSS
In wildExploits3References3Affected Software1
Packet Storm
Packet Storm
added 2013/07/19 12:0 a.m.46 views

Barracuda LB / SVF / WAF / WEF Cross Site Scripting

Title: ====== Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities Date: ===== 2013-07-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=727 Note: The issue was part of the official Barracuda Networks Bug Bounty Program. VL-ID: ===== 727 Common Vulnerability Scoring...

0.2AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2012/11/06 12:0 a.m.8 views

Barracuda EMail Security - Filter Bypass Vulnerability

Document Title: =============== Barracuda EMail Security - Filter Bypass Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=579 Download: http://www.vulnerability-lab.com/resources/videos/744.wmv View: http://www.youtube.com/watch?v=r9cwfFta5OY Release Date:...

Exploits0
Vulnerability Lab
Vulnerability Lab
added 2012/11/06 12:0 a.m.17 views

Barracuda EMail Security - Filter Bypass Vulnerability

Document Title: =============== Barracuda EMail Security - Filter Bypass Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=579 Download: http://www.vulnerability-lab.com/resources/videos/744.wmv View: http://www.youtube.com/watch?v=r9cwfFta5OY Release Date:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2012/08/02 12:0 a.m.11 views

Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities

Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/54773/info Barracuda Email Security Service is prone to multiple HTML-injection vulnerabilities because it fails to properly validate user-supplied input. An attacker may leverage...

0.5AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2012/07/31 12:0 a.m.14 views

Barracuda EMail Security 2.0.2 - Multiple Web Vulnerabilities

Document Title: =============== Barracuda EMail Security 2.0.2 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=621 http://www.vulnerability-lab.com/getcontent.php?id=563 Barracuda Networks Security ID: BNSEC-304 Release Dat...

0.3AI score
Exploits0
Rows per page
Query Builder