var-200608-0208
Vulnerability from variot
Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator. Spam Firewall is prone to multiple vulnerabilities, including a directory-traversal issue, access-validation issue, and a remote command-execution issue. A remote attacker can exploit these issues to gain access to potentially sensitive information and execute commands in the context of the affected application. Versions 3.3.01.001 to 3.3.03.055 are vulnerable to these issues. Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. Although the guest account has only limited access, the following information can be obtained: * System configuration, including IP address, administrator IP ACL; * Email message log (but not the content of the message); * Spam/antivirus definition version information and system firmware version. There is also a file disclosure vulnerability in Barracuda's preview_email.cgi script. This script was used to retrieve messages from Barracuda's local message database, but did not properly filter the file parameter passed through GET to limit file retrieval to the message database directory, resulting in access to any Web Server user accessible files from the web interface. In addition, it is possible to execute arbitrary commands using the pipe symbol (|). Although this script requires a valid user login, this restriction can be easily bypassed by combining the guest password vulnerability described above.
Hardcore Disassembler / Reverse Engineer Wanted!
Want to work with IDA and BinDiff? Want to write PoC's and Exploits?
Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Barracuda Spam Firewall Information Disclosure and Default Account
SECUNIA ADVISORY ID: SA21258
VERIFY ADVISORY: http://secunia.com/advisories/21258/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information
WHERE:
From local network
OPERATING SYSTEM: Barracuda Spam Firewall http://secunia.com/product/4639/
DESCRIPTION: Greg Sinclair has reported a vulnerability and a security issue in Barracuda Spam Firewall, which can be exploited by malicious people to bypass certain security restrictions and disclose various information.
1) Input passed to the "file" parameter in preview_email.cgi is not properly verified, before it is used to view files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks (e.g. message logs).
Example: https://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]
Successful exploitation requires that the user has been authenticated.
2) A default guest account with a hard-coded password exists in Login.pm. This can be exploited to disclose various configuration and version information.
A combination of the two issues can be exploited by a malicious person to disclose the contents of arbitrary files.
The vulnerability and the security issue have been reported in firmware versions 3.3.01.001 through 3.3.03.053.
SOLUTION: Update to firmware version 3.3.0.54.
PROVIDED AND/OR DISCOVERED BY: Greg Sinclair
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200608-0208",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spam firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "barracuda",
"version": "3.3.01.001"
},
{
"model": "spam firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "barracuda",
"version": "3.3.03.055"
},
{
"model": "spam firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "barracuda",
"version": "3.3.03.053"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
},
{
"model": "spam firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "barracuda",
"version": "3.3.01.001 to 3.3.03.053"
},
{
"model": "networks barracuda spam firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.3.03.055"
},
{
"model": "networks barracuda spam firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.3.03.053"
},
{
"model": "networks barracuda spam firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "barracuda",
"version": "3.3.01.001"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "BID",
"id": "19276"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001041"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-066"
},
{
"db": "NVD",
"id": "CVE-2006-4000"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:barracuda_networks:barracuda_spam_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001041"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Greg Sinclair gssincla@nnlsoftware.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-066"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2006-4000",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-20108",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-4000",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#199348",
"trust": 0.8,
"value": "2.57"
},
{
"author": "NVD",
"id": "CVE-2006-4000",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200608-066",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20108",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "VULHUB",
"id": "VHN-20108"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001041"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-066"
},
{
"db": "NVD",
"id": "CVE-2006-4000"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator. Spam Firewall is prone to multiple vulnerabilities, including a directory-traversal issue, access-validation issue, and a remote command-execution issue. \nA remote attacker can exploit these issues to gain access to potentially sensitive information and execute commands in the context of the affected application. \nVersions 3.3.01.001 to 3.3.03.055 are vulnerable to these issues. Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. Although the guest account has only limited access, the following information can be obtained: * System configuration, including IP address, administrator IP ACL; * Email message log (but not the content of the message); * Spam/antivirus definition version information and system firmware version. There is also a file disclosure vulnerability in Barracuda\u0027s preview_email.cgi script. This script was used to retrieve messages from Barracuda\u0027s local message database, but did not properly filter the file parameter passed through GET to limit file retrieval to the message database directory, resulting in access to any Web Server user accessible files from the web interface. In addition, it is possible to execute arbitrary commands using the pipe symbol (|). Although this script requires a valid user login, this restriction can be easily bypassed by combining the guest password vulnerability described above. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nBarracuda Spam Firewall Information Disclosure and Default Account\n\nSECUNIA ADVISORY ID:\nSA21258\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21258/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of system information, Exposure of\nsensitive information\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nBarracuda Spam Firewall\nhttp://secunia.com/product/4639/\n\nDESCRIPTION:\nGreg Sinclair has reported a vulnerability and a security issue in\nBarracuda Spam Firewall, which can be exploited by malicious people\nto bypass certain security restrictions and disclose various\ninformation. \n\n1) Input passed to the \"file\" parameter in preview_email.cgi is not\nproperly verified, before it is used to view files. This can be\nexploited to disclose the contents of arbitrary files via directory\ntraversal attacks (e.g. message logs). \n\nExample:\nhttps://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]\n\nSuccessful exploitation requires that the user has been\nauthenticated. \n\n2) A default guest account with a hard-coded password exists in\nLogin.pm. This can be exploited to disclose various configuration and\nversion information. \n\nA combination of the two issues can be exploited by a malicious\nperson to disclose the contents of arbitrary files. \n\nThe vulnerability and the security issue have been reported in\nfirmware versions 3.3.01.001 through 3.3.03.053. \n\nSOLUTION:\nUpdate to firmware version 3.3.0.54. \n\nPROVIDED AND/OR DISCOVERED BY:\nGreg Sinclair\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4000"
},
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001041"
},
{
"db": "BID",
"id": "19276"
},
{
"db": "VULHUB",
"id": "VHN-20108"
},
{
"db": "PACKETSTORM",
"id": "48752"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-20108",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20108"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-4000",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "21258",
"trust": 2.6
},
{
"db": "BID",
"id": "19276",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2006-3104",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#199348",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001041",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200608-066",
"trust": 0.7
},
{
"db": "XF",
"id": "28214",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060801 BARRACUDA VULNERABILITY: ARBITRARY FILE DISCLOSURE [NNL-20060801-02]",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "28321",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-20108",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48752",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "VULHUB",
"id": "VHN-20108"
},
{
"db": "BID",
"id": "19276"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001041"
},
{
"db": "PACKETSTORM",
"id": "48752"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-066"
},
{
"db": "NVD",
"id": "CVE-2006-4000"
}
]
},
"id": "VAR-200608-0208",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20108"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:19:59.273000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.barracudanetworks.com/ns/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001041"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19276"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21258"
},
{
"trust": 1.1,
"url": "http://www.barracudanetworks.com/ns/products/spam_overview.php"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/441861/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3104"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28214"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/21258/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4000"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4000"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/441861/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28214"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3104"
},
{
"trust": 0.3,
"url": "https://lists.grok.org.uk/mailman/listinfo/full-disclosure"
},
{
"trust": 0.3,
"url": "/archive/1/442249"
},
{
"trust": 0.3,
"url": "/archive/1/442132"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4639/"
},
{
"trust": 0.1,
"url": "https://[host]/cgi-bin/preview_email.cgi?file=/mail/mlog/../[file]"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "VULHUB",
"id": "VHN-20108"
},
{
"db": "BID",
"id": "19276"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001041"
},
{
"db": "PACKETSTORM",
"id": "48752"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-066"
},
{
"db": "NVD",
"id": "CVE-2006-4000"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#199348"
},
{
"db": "VULHUB",
"id": "VHN-20108"
},
{
"db": "BID",
"id": "19276"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001041"
},
{
"db": "PACKETSTORM",
"id": "48752"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-066"
},
{
"db": "NVD",
"id": "CVE-2006-4000"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-24T00:00:00",
"db": "CERT/CC",
"id": "VU#199348"
},
{
"date": "2006-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-20108"
},
{
"date": "2006-08-01T00:00:00",
"db": "BID",
"id": "19276"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001041"
},
{
"date": "2006-08-03T03:35:36",
"db": "PACKETSTORM",
"id": "48752"
},
{
"date": "2006-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-066"
},
{
"date": "2006-08-05T01:04:00",
"db": "NVD",
"id": "CVE-2006-4000"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-29T00:00:00",
"db": "CERT/CC",
"id": "VU#199348"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20108"
},
{
"date": "2016-07-06T12:19:00",
"db": "BID",
"id": "19276"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001041"
},
{
"date": "2006-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-066"
},
{
"date": "2024-11-21T00:14:54.507000",
"db": "NVD",
"id": "CVE-2006-4000"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-066"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barracuda Spam Firewall contains hardcoded default login credentials",
"sources": [
{
"db": "CERT/CC",
"id": "VU#199348"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-066"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…