0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Barracuda IMFirewall 620 Vulnerability
[======================================
Barracuda IMFirewall 620 Vulnerability
======================================
PenTest Information:
====================
GESEC Team (~remove) discover multiple Input Validation Vulnerabilities on Barracuda IM Firewall.
A remote attacker is able to get sensitive customer sessions (client-side)or can implement evil script
routines & malicious codes(server-side).
Details
=======
Tested on OS: Windows 7
Tested with Software: Mozilla Firefox 3.5.x (Portable|Mod) & HTTPsniff
Vulnerable Products: Barracuda IM Firewall 620
Affected Versions: Model 620 Firmware v4.0.01.003
Vulnerability Type: Input Validation Vulnerability (Server-Side|Persistent)
Vendor-URL: http://barracuda.com/
Advisory-Status: Published | 07.12.2009
Advisory-URL: http://censored ...
Report-URL: http://censored ...
Introduction
============
Barracuda Networks - Worldwide leader in email and Web security. T
he Barracuda Web Application Firewall is a complete and powerful security solution for Web applications and Web sites.
The Barracuda Web Application Firewall provides award-winning protection against hackers leveraging protocol or application
vulnerabilities to instigate data theft, denial of service or defacement of your Web site. The Barracuda Web Application
Firewall protects Web applications and Web services from malicious attacks, and can also increase the performance and scalability of
these applications. The Barracuda Web Application Firewall offers every capability needed to deliver, secure and
manage enterprise Web applications from a single appliance through an intuitive, real-time user interface.
* Single point of protection for inbound and outbound traffic for all Web applications
* Protects Web sites and Web applications against application layer attacks
* Delivers best practices security right out of the box
* Monitors traffic and provides reports about attackers and attack attempts
The Barracuda IM Firewall is the first product to provide everything an organization needs to control and manage internal
and external instant messaging (IM) traffic. It combines an integrated IM server and gateway solution that is powerful,
easy to use and affordable for businesses of all sizes. Installing in minutes, it can easily and completely identify and
manage both internal and public IM traffic within your organization. Using the Barracuda IM Firewall, your organization
can eliminate the security, virus, or compliance risks of instant messaging while harnessing the communications and productivity
benefits for which IM has become an indispensable asset.
(Copy from the Vendor's Homepage: http://www.barracudanetworks.com/ns/products/im_overview.php)
# 0day.today [2024-07-07] #