cvelistv5 - cve-2008-1094

CVE-2008-1094 (GCVE-0-2008-1094)

Vulnerability from cvelistv5 – Published: 2008-12-19 17:00 – Updated: 2024-08-07 08:08

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.exploit-db.com/exploits/7496	exploitx_refsource_EXPLOIT-DB
	http://secunia.com/advisories/33164	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/499293/100…	mailing-listx_refsource_BUGTRAQ
	http://www.barracudanetworks.com/ns/support/tech_…	x_refsource_CONFIRM
	http://securityreason.com/securityalert/4793	third-party-advisoryx_refsource_SREASON
	http://dcsl.ul.ie/advisories/02.htm	x_refsource_MISC
	http://securitytracker.com/id?1021455	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "7496",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/7496"
          },
          {
            "name": "33164",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33164"
          },
          {
            "name": "20081216 CVE-2008-1094 - Barracuda Span Firewall SQL Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499293/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
          },
          {
            "name": "4793",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4793"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dcsl.ul.ie/advisories/02.htm"
          },
          {
            "name": "1021455",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021455"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "7496",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/7496"
        },
        {
          "name": "33164",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33164"
        },
        {
          "name": "20081216 CVE-2008-1094 - Barracuda Span Firewall SQL Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499293/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
        },
        {
          "name": "4793",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4793"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dcsl.ul.ie/advisories/02.htm"
        },
        {
          "name": "1021455",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021455"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1094",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "7496",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/7496"
            },
            {
              "name": "33164",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33164"
            },
            {
              "name": "20081216 CVE-2008-1094 - Barracuda Span Firewall SQL Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499293/100/0/threaded"
            },
            {
              "name": "http://www.barracudanetworks.com/ns/support/tech_alert.php",
              "refsource": "CONFIRM",
              "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
            },
            {
              "name": "4793",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4793"
            },
            {
              "name": "http://dcsl.ul.ie/advisories/02.htm",
              "refsource": "MISC",
              "url": "http://dcsl.ul.ie/advisories/02.htm"
            },
            {
              "name": "1021455",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021455"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1094",
    "datePublished": "2008-12-19T17:00:00",
    "dateReserved": "2008-02-28T00:00:00",
    "dateUpdated": "2024-08-07T08:08:57.706Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.5.11.020\", \"matchCriteriaId\": \"BD01511D-F23B-4C4C-9CB6-BC8483DCAC96\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de inyecci\\u00f3n SQL en index.cgi en la p\\u00e1gina de visi\\u00f3n de cuentas en Barracuda Spam Firewall (BSF) antes de 3.5.12.007, permite a administradores remotos autenticados ejecutar comandos arbitrarios SQL a trav\\u00e9s de un par\\u00e1metro pattern_x en la acci\\u00f3n search_count_equals, como lo demuestra el par\\u00e1metro pattern_0.\"}]",
      "id": "CVE-2008-1094",
      "lastModified": "2024-11-21T00:43:39.840",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2008-12-19T17:30:02.827",
      "references": "[{\"url\": \"http://dcsl.ul.ie/advisories/02.htm\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/33164\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/4793\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1021455\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.barracudanetworks.com/ns/support/tech_alert.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/499293/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/7496\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://dcsl.ul.ie/advisories/02.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/33164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/4793\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1021455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.barracudanetworks.com/ns/support/tech_alert.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/499293/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/7496\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1094\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-12-19T17:30:02.827\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n SQL en index.cgi en la p\u00e1gina de visi\u00f3n de cuentas en Barracuda Spam Firewall (BSF) antes de 3.5.12.007, permite a administradores remotos autenticados ejecutar comandos arbitrarios SQL a trav\u00e9s de un par\u00e1metro pattern_x en la acci\u00f3n search_count_equals, como lo demuestra el par\u00e1metro pattern_0.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.5.11.020\",\"matchCriteriaId\":\"BD01511D-F23B-4C4C-9CB6-BC8483DCAC96\"}]}]}],\"references\":[{\"url\":\"http://dcsl.ul.ie/advisories/02.htm\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/33164\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/4793\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1021455\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.barracudanetworks.com/ns/support/tech_alert.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/499293/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/7496\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://dcsl.ul.ie/advisories/02.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/33164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/4793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1021455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.barracudanetworks.com/ns/support/tech_alert.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/499293/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/7496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-1094

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1094

Aliases

CVE-2008-1094

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1094",
    "description": "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.",
    "id": "GSD-2008-1094",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2008-1094"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1094"
      ],
      "details": "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.",
      "id": "GSD-2008-1094",
      "modified": "2023-12-13T01:23:03.292578Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-1094",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "7496",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/7496"
          },
          {
            "name": "33164",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33164"
          },
          {
            "name": "20081216 CVE-2008-1094 - Barracuda Span Firewall SQL Injection Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/499293/100/0/threaded"
          },
          {
            "name": "http://www.barracudanetworks.com/ns/support/tech_alert.php",
            "refsource": "CONFIRM",
            "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
          },
          {
            "name": "4793",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/4793"
          },
          {
            "name": "http://dcsl.ul.ie/advisories/02.htm",
            "refsource": "MISC",
            "url": "http://dcsl.ul.ie/advisories/02.htm"
          },
          {
            "name": "1021455",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1021455"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.5.11.020",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1094"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.barracudanetworks.com/ns/support/tech_alert.php",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
            },
            {
              "name": "1021455",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1021455"
            },
            {
              "name": "33164",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33164"
            },
            {
              "name": "http://dcsl.ul.ie/advisories/02.htm",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://dcsl.ul.ie/advisories/02.htm"
            },
            {
              "name": "4793",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4793"
            },
            {
              "name": "7496",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/7496"
            },
            {
              "name": "20081216 CVE-2008-1094 - Barracuda Span Firewall SQL Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/499293/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:29Z",
      "publishedDate": "2008-12-19T17:30Z"
    }
  }
}

VAR-200812-0328

Vulnerability from variot - Updated: 2023-12-18 12:23

SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter. Multiple Barracuda products are prone to multiple input-validation vulnerabilities, including multiple cross-site scripting vulnerabilities, an HTML-injection vulnerability, and an SQL-injection vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to the following are affected: Barracuda Message Archiver to 1.2.1.002. Barracuda Spam Firewall 3.5.12.007 and prior Barracuda Web Filter 3.3.0.052 and prior Barracuda IM Firewall 3.1.01.017 and prior Barracuda Load Balancer 2.3.024 and prior. Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. ----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?

Click here to learn more: http://secunia.com/advisories/business_solutions/

TITLE: Barracuda Products Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID: SA33164

VERIFY ADVISORY: http://secunia.com/advisories/33164/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE:

From remote

OPERATING SYSTEM: Barracuda Spam Firewall http://secunia.com/advisories/product/4639/ Barracuda IM Firewall http://secunia.com/advisories/product/20790/ Barracuda Load Balancer http://secunia.com/advisories/product/20791/ Barracuda Message Archiver http://secunia.com/advisories/product/20788/ Barracuda Web Filter http://secunia.com/advisories/product/20789/

DESCRIPTION: Dr.

Input passed to various parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

SOLUTION: Update to the latest version. Marian Ventuneac, Data Communications Security Laboratory, University of Limerick

ORIGINAL ADVISORY: Barracuda Networks: http://www.barracudanetworks.com/ns/support/tech_alert.php

Dr. Marian Ventuneac: http://dcsl.ul.ie/advisories/02.htm http://dcsl.ul.ie/advisories/03.htm

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200812-0328",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spam firewall",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "barracuda",
        "version": "3.5.11.020"
      },
      {
        "model": "spam firewall",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "barracuda",
        "version": "3.5.11.020"
      },
      {
        "model": "spam firewall",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "barracuda",
        "version": "3.5.12.007"
      },
      {
        "model": "web filter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.3.0.038"
      },
      {
        "model": "message archiver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "1.1.0.010"
      },
      {
        "model": "load balancer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "2.2.6"
      },
      {
        "model": "im firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.0.01.008"
      },
      {
        "model": "web filter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.3.0.052"
      },
      {
        "model": "spam firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.5.12.007"
      },
      {
        "model": "message archiver",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "1.2.1.002"
      },
      {
        "model": "load balancer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "2.3.24"
      },
      {
        "model": "im firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "barracuda",
        "version": "3.1.01.017"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "32867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-370"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.5.11.020",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1094"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marian Ventuneac\u203b marian.ventuneac@ul.ie",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-370"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-1094",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2008-1094",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-31219",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-1094",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200812-370",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-31219",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-370"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter. Multiple Barracuda products are prone to multiple input-validation vulnerabilities, including multiple cross-site scripting vulnerabilities, an HTML-injection vulnerability, and an SQL-injection vulnerability. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nVersions prior to the following are affected:\nBarracuda Message Archiver  to 1.2.1.002. \nBarracuda Spam Firewall 3.5.12.007 and prior\nBarracuda Web Filter 3.3.0.052 and prior\nBarracuda IM Firewall 3.1.01.017 and prior\nBarracuda Load Balancer 2.3.024 and prior. Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nBarracuda Products Cross-Site Scripting Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA33164\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33164/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nBarracuda Spam Firewall\nhttp://secunia.com/advisories/product/4639/\nBarracuda IM Firewall\nhttp://secunia.com/advisories/product/20790/\nBarracuda Load Balancer\nhttp://secunia.com/advisories/product/20791/\nBarracuda Message Archiver\nhttp://secunia.com/advisories/product/20788/\nBarracuda Web Filter\nhttp://secunia.com/advisories/product/20789/\n\nDESCRIPTION:\nDr. \n\nInput passed to various parameters is not properly sanitised before\nbeing returned to the user. This can be exploited to execute\narbitrary HTML and script code in a user\u0027s browser session in context\nof an affected site. \n\nSOLUTION:\nUpdate to the latest version. Marian Ventuneac, Data Communications Security Laboratory,\nUniversity of Limerick\n\nORIGINAL ADVISORY:\nBarracuda Networks:\nhttp://www.barracudanetworks.com/ns/support/tech_alert.php\n\nDr. Marian Ventuneac:\nhttp://dcsl.ul.ie/advisories/02.htm\nhttp://dcsl.ul.ie/advisories/03.htm\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1094"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      },
      {
        "db": "BID",
        "id": "32867"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31219"
      },
      {
        "db": "PACKETSTORM",
        "id": "73049"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-31219",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31219"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-1094",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "33164",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1021455",
        "trust": 2.5
      },
      {
        "db": "SREASON",
        "id": "4793",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "7496",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002512",
        "trust": 0.8
      },
      {
        "db": "MILW0RM",
        "id": "7496",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20081216 CVE-2008-1094 - BARRACUDA SPAN FIREWALL SQL INJECTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-370",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "32867",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "73064",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-66066",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-31219",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "73049",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31219"
      },
      {
        "db": "BID",
        "id": "32867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "73049"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-370"
      }
    ]
  },
  "id": "VAR-200812-0328",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31219"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:23:03.047000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Barracuda Spam Firewall resolved potential issue associated with the Users \u2192 Accounts View page",
        "trust": 0.8,
        "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1094"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1021455"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/33164"
      },
      {
        "trust": 2.1,
        "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
      },
      {
        "trust": 2.1,
        "url": "http://dcsl.ul.ie/advisories/02.htm"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/4793"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/499293/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/7496"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1094"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1094"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/499293/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/7496"
      },
      {
        "trust": 0.4,
        "url": "http://dcsl.ul.ie/advisories/03.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.barracudanetworks.com/ns/?l=en_ca"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/499294"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/499293"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/33164/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/4639/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20791/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20788/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20789/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20790/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31219"
      },
      {
        "db": "BID",
        "id": "32867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "73049"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-370"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-31219"
      },
      {
        "db": "BID",
        "id": "32867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "73049"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-370"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31219"
      },
      {
        "date": "2008-12-16T00:00:00",
        "db": "BID",
        "id": "32867"
      },
      {
        "date": "2011-06-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      },
      {
        "date": "2008-12-16T12:16:02",
        "db": "PACKETSTORM",
        "id": "73049"
      },
      {
        "date": "2008-12-19T17:30:02.827000",
        "db": "NVD",
        "id": "CVE-2008-1094"
      },
      {
        "date": "2008-12-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200812-370"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31219"
      },
      {
        "date": "2008-12-19T18:42:00",
        "db": "BID",
        "id": "32867"
      },
      {
        "date": "2011-06-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      },
      {
        "date": "2018-10-11T20:29:29.240000",
        "db": "NVD",
        "id": "CVE-2008-1094"
      },
      {
        "date": "2009-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200812-370"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-370"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Barracuda Spam Firewall of  Account View In the page  index.cgi In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002512"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-370"
      }
    ],
    "trust": 0.6
  }
}

GHSA-MJ85-5P2G-9HC4

Vulnerability from github – Published: 2022-05-01 23:36 – Updated: 2022-05-01 23:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-19T17:30:00Z",
    "severity": "MODERATE"
  },
  "details": "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.",
  "id": "GHSA-mj85-5p2g-9hc4",
  "modified": "2022-05-01T23:36:31Z",
  "published": "2022-05-01T23:36:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1094"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/7496"
    },
    {
      "type": "WEB",
      "url": "http://dcsl.ul.ie/advisories/02.htm"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33164"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4793"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021455"
    },
    {
      "type": "WEB",
      "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/499293/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-1094

Vulnerability from fkie_nvd - Published: 2008-12-19 17:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://dcsl.ul.ie/advisories/02.htm	Exploit
cve@mitre.org	http://secunia.com/advisories/33164	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/4793
cve@mitre.org	http://securitytracker.com/id?1021455
cve@mitre.org	http://www.barracudanetworks.com/ns/support/tech_alert.php	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/499293/100/0/threaded
cve@mitre.org	https://www.exploit-db.com/exploits/7496
af854a3a-2127-422b-91ae-364da2661108	http://dcsl.ul.ie/advisories/02.htm	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33164	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4793
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021455
af854a3a-2127-422b-91ae-364da2661108	http://www.barracudanetworks.com/ns/support/tech_alert.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/499293/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/7496

Impacted products

	Vendor	Product	Version
	barracuda_networks	barracuda_spam_firewall	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD01511D-F23B-4C4C-9CB6-BC8483DCAC96",
              "versionEndIncluding": "3.5.11.020",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en index.cgi en la p\u00e1gina de visi\u00f3n de cuentas en Barracuda Spam Firewall (BSF) antes de 3.5.12.007, permite a administradores remotos autenticados ejecutar comandos arbitrarios SQL a trav\u00e9s de un par\u00e1metro pattern_x en la acci\u00f3n search_count_equals, como lo demuestra el par\u00e1metro pattern_0."
    }
  ],
  "id": "CVE-2008-1094",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-19T17:30:02.827",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://dcsl.ul.ie/advisories/02.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4793"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1021455"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/499293/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://dcsl.ul.ie/advisories/02.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499293/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7496"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1094 (GCVE-0-2008-1094)

GSD-2008-1094

VAR-200812-0328

GHSA-MJ85-5P2G-9HC4

FKIE_CVE-2008-1094

Tags

Sightings

Nomenclature