The Barracuda WAF management application transmits the current user and session identifier over HTTP GET. Firmware version 8.0.1.014 is affected.
Source: Barracuda WAF V360 Firmware 8.0.1.014 Username / Session ID Leak
The post Barracuda WAF V360 Firmw…
The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, may be trivially easy to crack. Firmware version 8.0.1.014 is affected.
Source: Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexit…
Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive information such as authentication credentials used by internal developers. Firmware version 8.0.1.014 is […]
The post Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure appeared first on MondoUnix.
Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware ver…
LibTIFF version 4.0.7 suffers from a _TIFFVGetField (tiffsplit) out-of-bounds read vulnerability.
Source: LibTIFF 4.0.7 _TIFFVGetField (tiffsplit) Out-Of-Bounds Read
The post LibTIFF 4.0.7 _TIFFVGetField (tiffsplit) Out-Of-Bounds Read appeared first on…
LibTIFF versions 4.0.8 and below suffer from a denial of service vulnerability in tif_jbig.c.
Source: LibTIFF 4.0.8 tif_jbig.c Denial Of Service
The post LibTIFF 4.0.8 tif_jbig.c Denial Of Service appeared first on MondoUnix.
This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The default pre-packaged ISO builds […]
The post GoAutoDial 3.3 Authentication Bypass / Command Injection appeared first on MondoUnix.
PDNS Manager from Git master 3bf4e28 (2016-12-12) through 2bb00ea (2017-05-22) suffer from a remote command execution vulnerability.
Source: PDNS Manager Remote Command Execution
The post PDNS Manager Remote Command Execution appeared first on MondoUnix.
IoT mDNS/DNS-SD QM amplification distributed denial of service exploit.
Source: IoT mDNS/DNS-SD QM Amplification Distributed Denial Of Service
The post IoT mDNS/DNS-SD QM Amplification Distributed Denial Of Service appeared first on MondoUnix.
rpcinfo portmap DUMP call amplification distributed denial of service exploit.
Source: rpcinfo Portmap DUMP Call Amplification Distributed Denial Of Service
The post rpcinfo Portmap DUMP Call Amplification Distributed Denial Of Service appeared first o…
