Barracuda Link Balancer XSS vulnerabilities
Posted on 07 November 2011.
Two vulnerabilities have been reported in Barracuda Link Balancer, which can be exploited by malicious people to conduct cross-site scripting attacks, according to Secunia.


Certain input passed via the "zoneid" and "scope" parameters related to the "Authoritative DNS - DNS Zones" module is not properly sanitised before being returned to the user.

This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in Barracuda Link Balancer 330 firmware versions v1.3.2.005 and earlier.

Solution: The vendor has issued a fix.





Spotlight

Lessons learned developing Lynis, an open source security auditing tool

Posted on 15 October 2014.  |  Lynis unearths vulnerabilities, configuration errors, and provides tips for system hardening. It is written in shell script, installation is not required and can be performed with a privileged or non-privileged account.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Oct 20th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //