Re: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability

Henri Salo Fri, 28 Jun 2013 02:37:05 -0700

On Fri, Jun 28, 2013 at 12:47:46AM +0100, Vulnerability Lab wrote:
<snip>
> (Copy of the Vendor Homepage: http://www.barracudanetworks.ca/cudatel.aspx )


What?

> Report-Timeline:
> ================
> 2012-11-26:   Researcher Notification & Coordination (Chokri Ben Achour)
> 2012-11-27:   Vendor Notification (Barracuda Networks Security Team - Bug 
> Bounty Program)
> 2013-04-03:   Vendor Response/Feedback (Barracuda Networks Security Team - 
> Bug Bounty Program)
> 2013-05-02:   Vendor Fix/Patch (Barracuda Networks Developer Team) 
> [Coordination: Dave Farrow]
> 2012-06-00:   Public Disclosure (Vulnerability Laboratory)

What?

> Vulnerable Section(s):
>                               [+] Find Me
> 
> Vulnerable Module(s):
>                               [+] Call Forwarding - Add
> 
> Vulnerable Parameter(s):
>                               [+] Calling Sequence - Listing

What?

Do you hit some "send advisory" -button in your web page without checking the
details? Why don't you just include PoC?

---
Henri Salo

signature.asc
Description: Digital signature

Re: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability

Reply via email to