BugTraq
Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability Jun 27 2013 11:47PM
Vulnerability Lab (research vulnerability-lab com) (1 replies)
Re: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability Jun 28 2013 07:41AM
Henri Salo (henri salo kapsi fi)
On Fri, Jun 28, 2013 at 12:47:46AM +0100, Vulnerability Lab wrote:
<snip>
> (Copy of the Vendor Homepage: http://www.barracudanetworks.ca/cudatel.aspx )

What?

> Report-Timeline:
> ================
> 2012-11-26: Researcher Notification & Coordination (Chokri Ben Achour)
> 2012-11-27: Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program)
> 2013-04-03: Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program)
> 2013-05-02: Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordination: Dave Farrow]
> 2012-06-00: Public Disclosure (Vulnerability Laboratory)

What?

> Vulnerable Section(s):
> [+] Find Me
>
> Vulnerable Module(s):
> [+] Call Forwarding - Add
>
> Vulnerable Parameter(s):
> [+] Calling Sequence - Listing

What?

Do you hit some "send advisory" -button in your web page without checking the
details? Why don't you just include PoC?

---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlHNPiMACgkQXf6hBi6kbk9SUACfbJPVuPvZoPsR8SbJ1fJuEUhq
j+4An33ahOKvdPq0VNA1QsE6KtrXYcAe
=g+ur
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus