Bugtraq mailing list archives
Re: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability
From: Henri Salo <henri.salo () kapsi fi>
Date: Fri, 28 Jun 2013 10:41:23 +0300
On Fri, Jun 28, 2013 at 12:47:46AM +0100, Vulnerability Lab wrote: <snip>
(Copy of the Vendor Homepage: http://www.barracudanetworks.ca/cudatel.aspx )
What?
Report-Timeline: ================ 2012-11-26: Researcher Notification & Coordination (Chokri Ben Achour) 2012-11-27: Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program) 2013-04-03: Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program) 2013-05-02: Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordination: Dave Farrow] 2012-06-00: Public Disclosure (Vulnerability Laboratory)
What?
Vulnerable Section(s): [+] Find Me Vulnerable Module(s): [+] Call Forwarding - Add Vulnerable Parameter(s): [+] Calling Sequence - Listing
What? Do you hit some "send advisory" -button in your web page without checking the details? Why don't you just include PoC? --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability Vulnerability Lab (Jun 28)
- Re: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability Henri Salo (Jun 28)