The remote web server contains CGI scripts that are affected by several issues.
The remote Barracuda Spam Firewall device is using a firmware version earlier than 3.5.12.007. Such versions reportedly are affected by several issues : - There is a SQL injection vulnerability involving the 'pattern_x' parameter (where x=0...n) of the 'cgi-bin/index.cgi' script when 'filter_x' is set to 'search_count_equals'. Successful exploitation requires credentials. (CVE-2008-1094) - There are multiple cross-site scripting vulnerabilities due to a failure to sanitize user input when displaying error messages and involving multiple hidden input elements. (CVE-2008-0971)