222 matches found
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...
UBUNTU-CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...
New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data
A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...
BSA-2018-740
Security Advisory ID : BSA-2018-740 Component : CPU featuring SMT Revision : 1.0: Initial A group of researchers has discovered a new vulnerability being called PortSmash, impacting all CPUs that use a Simultaneous Multithreading (SMT) architecture. SMT is a technology that allows multiple computing...
Open Source Intelligence Automation: Spiderfoot
Open Source Intelligence Automation SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more...
Users get multiple OTP Push Notifications, Radius servers see multiple Auth requests & Auth Failures
Users will receive authentication denials, may receive multiple Push Notifications, Radius servers will log multiple simultaneous authentication requests for the same user with different Radius IDs, or user One Time Password tokens will become locked out. If you review traces, you will see multip...
PortSwigger Web Security: JSBeautifier BApp: Race condition leads to memory disclosure
Description ==================== If an attacker builds up multiple connections which will be released at the same time having a response Content-Length of 0, leaving out the response Content-Length header or having a higher Content-Length than the actual response while insinuating starting a...
Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability
A vulnerability in HTTP request forwarding with Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to link saturation. The vulnerability is due to how HTTP data ranges are downloaded from the destinatio...
CVE-2016-1546
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows...
Generate TCP/UDP Outbound Traffic On Multiple Ports
This module generates TCP or UDP traffic across a sequence of ports, and is useful for finding firewall holes and egress filtering. It only generates traffic on the port range you specify. It is up to you to run a responder or packet capture tool on a remote endpoint to determine which ports are...
How to Run Multiple Android apps on Windows and Mac OS X Simultaneously
Bluestacks, the first app player for running Android apps on Windows, has launched the latest version of its Android emulator platform with one major upgrade: The Ability to Run Multiple Android apps Simultaneously. BlueStacks 2 Released Bluestacks previously only ran a single app at a time...
SpiderFoot v2.6.1 - Open Source Intelligence Automation
SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target. Purpose There are three main areas where SpiderFoot can be useful: 1. If you are a pen-tester, SpiderFoot will automate the reconnaissance stage of the tes...
AutoScan-Network - Automatically scan your network
AutoScan-Network is a network scanner discovering and managing application. No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network. System Requirements : •Mac OS X 10.5 or later •Microsoft Windows XP, Vista •GNU/Linux •Maemo 4...
FTP OnConnect 1.4.11 iOS - Multiple Vulnerabilities
No description provided by source. Title: ====== FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities Date: ===== 2013-08-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1041 VL-ID: ===== 1041 Common Vulnerability Scoring System:...
Coinbase: Simultaneous Session Logon : Improper Session Management
Hi, I would like to report this bug related to improper simultaneous logon. Issue: 1 When a user is logged in to the application already authenticated, visits the login page https://coinbase.com/signin he/she should directly get redirected to their home page as there is already a session running...
Scientific Linux Security Update : openldap on SL6.x i386/x86_64 (20140203)
A denial of service flaw was found in the way the OpenLDAP server daemon slapd performed reference counting when using the rwm rewrite/remap overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending ...
[SECURITY] Fedora 19 Update: nas-1.9.3-7.fc19
In a nutshell, NAS is the audio equivalent of an X display server. The Network Audio System NAS was developed by NCD for playing, recording, and manipulating audio data over a network. Like the X Window System, it uses the client/server model to separate applications from the specific drivers tha...
[SECURITY] Fedora 20 Update: nas-1.9.3-9.fc20
In a nutshell, NAS is the audio equivalent of an X display server. The Network Audio System NAS was developed by NCD for playing, recording, and manipulating audio data over a network. Like the X Window System, it uses the client/server model to separate applications from the specific drivers tha...
FTP OnConnect 1.4.11 iOS - Multiple Vulnerabilities
FTP OnConnect 1.4.11 iOS - Multiple Vulnerabilities Title: ====== FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities Date: ===== 2013-08-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1041 VL-ID: ===== 1041 Common Vulnerability Scoring System:...
FTP OnConnect 1.4.11 iOS - Multiple Vulnerabilities
Title: ====== FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities Date: ===== 2013-08-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1041 VL-ID: ===== 1041 Common Vulnerability Scoring System: ==================================== 8.6 Introduction: =============...