Barracuda Spam Firewall dig_device.cgi Arbitrary Remote Code Execution

Network Security News – Tuesday, September 13, 2005 Events

Barracuda Spam Firewall dig_device.cgi Arbitrary Remote Code Execution

Barracuda Spam Firewall Appliance contains a flaw that allows a remote code execution attack. This flaw exists because the application does not validate user supplied supplied data submitted to the /cgi-bin/dig_device.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code on the appliance, leading to a loss of integrity.. Read more at osvdb.org/19280

CUPS Malformed Traversal HTTP Request Remote DoS

CUPS contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted url including /.. is sent to the CUPS server, and will result in loss of availability for the service.. Read more at osvdb.org/12834