Message-ID: <20130628074123.GD21380@kludge.henri.nerv.fi>
Date: Fri, 28 Jun 2013 10:41:23 +0300
From: Henri Salo <henri.salo@...si.fi>
To: Vulnerability Lab <research@...nerability-lab.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability
On Fri, Jun 28, 2013 at 12:47:46AM +0100, Vulnerability Lab wrote:
<snip>
> (Copy of the Vendor Homepage: http://www.barracudanetworks.ca/cudatel.aspx )
What?
> Report-Timeline:
> ================
> 2012-11-26: Researcher Notification & Coordination (Chokri Ben Achour)
> 2012-11-27: Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program)
> 2013-04-03: Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program)
> 2013-05-02: Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordination: Dave Farrow]
> 2012-06-00: Public Disclosure (Vulnerability Laboratory)
What?
> Vulnerable Section(s):
> [+] Find Me
>
> Vulnerable Module(s):
> [+] Call Forwarding - Add
>
> Vulnerable Parameter(s):
> [+] Calling Sequence - Listing
What?
Do you hit some "send advisory" button in your web page without checking the
details? Why don't you just include a PoC?
---
Henri Salo