Greg Sinclair

#18422 of 53,630
14.7 CVSS total
Vulnerabilities · 2
High
2
PT-2006-4925
7.5
2006-08-11
Barracuda · Barracuda Spam Firewall · CVE-2006-4081

**Name of the Vulnerable Software and Affected Versions**
Barracuda Spam Firewall (BSF) versions 3.3.01.001 through 3.3.03.053

**Description**
The issue allows remote attackers to execute commands via shell metacharacters, specifically the "|" pipe symbol, in the `file` parameter of the `preview_email.cgi` script. This can potentially be extended to execute arbitrary commands.

**Recommendations**
For versions 3.3.01.001 through 3.3.03.053, consider restricting access to the `preview_email.cgi` script until a fix is available, and avoid using the "|" pipe symbol in the `file` parameter to minimize the risk of exploitation.

PT-2006-4926
7.2
2006-08-11
Barracuda · Barracuda Spam Firewall · CVE-2006-4082

**Name of the Vulnerable Software and Affected Versions**
Barracuda Spam Firewall (BSF) version 3.3.03.053

**Description**
The issue concerns a hardcoded password for the admin account, allowing local users to gain privileges when logging in from 127.0.0.1 (localhost).

**Recommendations**
For Barracuda Spam Firewall (BSF) version 3.3.03.053, consider changing the hardcoded password for the admin account to prevent unauthorized access. As a temporary workaround, restrict local access to the admin account until a more permanent solution is available.