On Fri, Jun 28, 2013 at 12:47:46AM +0100, Vulnerability Lab wrote: <snip> > (Copy of the Vendor Homepage: http://www.barracudanetworks.ca/cudatel.aspx ) What? > Report-Timeline: > ================ > 2012-11-26: Researcher Notification & Coordination (Chokri Ben Achour) > 2012-11-27: Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program) > 2013-04-03: Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program) > 2013-05-02: Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordination: Dave Farrow] > 2012-06-00: Public Disclosure (Vulnerability Laboratory) What? > Vulnerable Section(s): > [+] Find Me > > Vulnerable Module(s): > [+] Call Forwarding - Add > > Vulnerable Parameter(s): > [+] Calling Sequence - Listing What? Do you hit some "send advisory" -button in your web page without checking the details? Why don't you just include PoC? --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
