Category Archives: Full Disclosure

Full Disclosure

Re: Snom SIP phones denial of service through HTTP

Posted by kapejod () googlemail com on Jan 13

The latest version is 8.7.3.25.9, there is no 8.7.4.X, yet.

And yes, you missed something, (without the quotes) " --data-binary @-"
This turns it into an HTTP POST request and uses the input from stdin.
Otherwise you just do a regular HTTP GET which gets blocked because it’s
not authenticated.

On Mon, Jan 12, 2015 at 10:20 PM, Martin Schuhmacher <broetchen25 () gmx net>
wrote:

Reflecting XSS vulnerability in filemanager of CMS b2evolution v. 5.2.0

Posted by Steffen Rösemann on Jan 13

Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v.
5.2.0
Advisory ID: SROEADV-2014-09
Author: Steffen Rösemann
Affected Software: CMS b2evolution v. 5.2.0 (Release-Date: 6th-Dec-2014)
Vendor URL: http://b2evolution.net/
Vendor Status: did not respond to issue
CVE-ID: –

==========================
Vulnerability Description:
==========================

The filemanager of b2evolution v. 5.2.0 is prone to reflecting XSS…

MS14-080 CVE-2014-6365 Technical Details Without "Nonsense"

Posted by Diéyǔ on Jan 13

Origin:
Visit https://technet.microsoft.com/library/security/ms14-080
Go to “Acknowledgments” part and search for “CVE-2014-6365”
It says “Dieyu” – that’s me.

Technical Details:
“Internet Explorer XSS Filter Bypass Vulnerability” is done by…
1. Inject “a href” link into target page.
(Not script, allowed by filter)
2. User clicks this injected link.
(Clickjacking etc)
3. URL of this…

Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure

Posted by Tim on Jan 13

Hi Brandon,

Yes, you should. For those out there who don’t routinely find
vulnerabilities, it is hard for them to understand that these issues
aren’t hard to find if you know what you’re looking for. Quite a few
bugs I’ve found in the past have been found by others independently
and published before I got around to it. It happens a LOT more than
people think.

Also, I think companies that sell security software should be…

[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager

Posted by Peter Lapp on Jan 13

Edit: Corrected the date in the timeline from 01/12/14 to 01/12/15.

Details
=======

Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lappsec () gmail com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5.x.
Fixed Version: 11.6

Summary
=======

The F5 ASM is a web application firewall designed to protect web
applications from attacks. It allows for a…

Lizard Stresser rekt

Posted by Robert Cavanaugh on Jan 12

Hi FD,

I’m sure you’re all sick to death of hearing about Lizard Squad and the
skid marks they’re leaving all over the place, so we’ll make this brief:
Lizard Squad has been rekt and the source code for their bots is now
available for your viewing pleasure.

https://github.com/pop-pop-ret/lizkebab

0wned by: Chippy1337, @packetprophet

If you lulz’d, send BTC to 129UQoB3JvZg3iDERYZiXeHPkwT1iJF8u4
<…