Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability
From: Henri Salo <henri.salo () kapsi fi>
Date: Fri, 28 Jun 2013 10:41:23 +0300

On Fri, Jun 28, 2013 at 12:47:46AM +0100, Vulnerability Lab wrote:
<snip>
(Copy of the Vendor Homepage: http://www.barracudanetworks.ca/cudatel.aspx )

What?

Report-Timeline:
================
2012-11-26:   Researcher Notification & Coordination (Chokri Ben Achour)
2012-11-27:   Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program)
2013-04-03:   Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program)
2013-05-02:   Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordination: Dave Farrow]
2012-06-00:   Public Disclosure (Vulnerability Laboratory)

What?

Vulnerable Section(s):
                              [+] Find Me

Vulnerable Module(s):
                              [+] Call Forwarding - Add

Vulnerable Parameter(s):
                              [+] Calling Sequence - Listing

What?

Do you hit some "send advisory" -button in your web page without checking the
details? Why don't you just include PoC?

---
Henri Salo

Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault