Document Title:
===
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1369
Release Date:
=
2015-01-06
Vulnerability Laboratory ID (VL-ID):
SEC Consult Vulnerability Lab Security Advisory 20150113-1
===
title: Privilege Escalation XSS Missing Authentication
product: Ansible Tower
vulnerable version: =2.0.2
fixed version: =2.0.5
Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v.
5.2.0
Advisory ID: SROEADV-2014-09
Author: Steffen Rösemann
Affected Software: CMS b2evolution v. 5.2.0 (Release-Date: 6th-Dec-2014)
Vendor URL: http://b2evolution.net/
Vendor Status: did not respond to issue
CVE-ID: -
The latest version is 8.7.3.25.9, there is no 8.7.4.X, yet.
And yes, you missed something, (without the quotes) --data-binary @-
This turns it into a HTTP POST request and uses the input from stdin.
Otherwise you just do a regular HTTP GET which gets blocked because it's
not authenticated.
On