
Re: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability



On Fri, Jun 28, 2013 at 12:47:46AM +0100, Vulnerability Lab wrote:
<snip>
> (Copy of the Vendor Homepage: http://www.barracudanetworks.ca/cudatel.aspx )

What?

> Report-Timeline:
> ================
> 2012-11-26:	Researcher Notification & Coordination (Chokri Ben Achour)
> 2012-11-27:	Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program)
> 2013-04-03:	Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program)
> 2013-05-02:	Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordination: Dave Farrow]
> 2012-06-00:	Public Disclosure (Vulnerability Laboratory)

What?

> Vulnerable Section(s):
> 				[+] Find Me
> 
> Vulnerable Module(s):
> 				[+] Call Forwarding - Add
> 
> Vulnerable Parameter(s):
> 				[+] Calling Sequence - Listing

What?

Do you hit some "send advisory" button on your web page without checking the
details? Why don't you just include a PoC?

---
Henri Salo
