Barracuda ESG TAR Filename Command Injection

This module exploits CVE-2023-2868, a command injection vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the ESG processes TAR file attachments - filenames containing shell metacharacters backticks are passed directly to shell commands during...

The vulnerability of the Spreadsheet::ParseExcel library in email security gateways of the Barracuda Email Security Gateway Appliance, related to the use of dangerous methods or functions, allows attackers to execute arbitrary code.

The vulnerability of the Spreadsheet::ParseExcel library, a microprogramming solution for email security gateways like Barracuda Email Security Gateway Appliance, is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary co...

PT-2023-8145

Name of the Vulnerable Software and Affected Versions Barracuda ESG Appliance versions 5.1.3.001 through 9.2.1.001 Description The issue is related to a case of arbitrary code execution that resides within a third-party and open-source library named Spreadsheet::ParseExcel, used by the Amavis...

CVE-2023-2868

A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...