K6923: LDAP and RADIUS authentication failures can reveal a valid FirePass username

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution (extra)

No description provided by source. Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair Credits: Matthew Hall...

[SA23626] FirePass URL Restriction Bypass

TITLE: FirePass URL Restriction Bypass SECUNIA ADVISORY ID: SA23626 VERIFY ADVISORY: http://secunia.com/advisories/23626/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote OPERATING SYSTEM: FirePass 6.x http://secunia.com/product/13146/ FirePass 5.x...

SOL6922 - Decimal-encoded IP address circumvents Accessibility Scope

It is possible to bypass the Deny list configured in the Accessibility Scope section of the Portal Access: Web Applications: Master Group Settings page using a URL with a decimal-encoded IP address. When you log in to the FirePass Webtop, you can enter a URL into the Webtop Address Bar if the...

SOL6592 - Cross-Site Scripting vulnerability in the logon page

A cross-site scripting XSS vulnerability exists in the FirePass logon page. The affected FirePass logout URL fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages or emails with URLs that include executable code or...

barracudeHardcode.txt

Title: Barracuda Hardcoded Password Vulnerability Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 28 May 2006 Overview: Barracuda Sp...

Barracuda Arbitrary File Disclosure + Command Execution

Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair Credits: Matthew Hall Update: 07 August 2006 Updated by: PATz...

Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution (extra)

Exploit for hardware platform in category remote exploits =================================================================== Barracuda Spam Firewall /cgi-bin/previewemail.cgi?file=/mail/mlog/../tmp/backup/periodicconfig.txt.tmp https:///cgi-bin/previewemail.cgi?file=/mail/mlog/../../bin/ls%20/|...

Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1)

Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 29 May 2006 Overview:...