
BarracudaDrive Multiple XSS Vulnerabilities

Mar 24, 2014 | By Veerendra GG

A SecPod Research Team member (Shakeel Bhat) has found multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive. The vulnerabilities are caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, or access or modify data.

Complete Advisory information can be found here.

Advisory in CVRF format can be found here.

Coordinated Vulnerability Disclosure
- 20/03/2014 Issue Discovered
- 25/03/2014 Vendor Notified
- 26/03/2014 Vendor Responded
- 27/03/2014 Vendor Solution
- 28/04/2014 Advisory Released

We welcome any feedback or suggestions.

Cheers!
SecPod Research Team
