521 matches found

Kitploit
added 2019/03/15 11:38 a.m., 298 views

Arjun v1.3 - HTTP Parameter Discovery Suite

Features: Multi-threading; 4 modes of detection; A typical scan takes 30 seconds; Regex powered heuristic scanning; Huge list of 25,980 parameter names; Makes just 30-35 requests to the target. Usage: Note: Arjun doesn't work with python 3.4. Discover parameters: To find GET parameters, you can simply do:...

AI score: 7.1
Exploits: 0 | References: 2
Tenable Nessus
added 2019/03/14 12:00 a.m., 44 views

Oracle Linux 7 : openssl (ELSA-2019-0483)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-0483 advisory. 1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing...

CVSS: 4.7 | AI score: 7.3 | EPSS: 0.00844
Exploits: 4 | References: 2
Tenable Nessus
added 2019/03/14 12:00 a.m., 67 views

RHEL 7 : openssl (RHSA-2019:0483)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0483 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.04803
Exploits: 4 | References: 6
RedHat Linux
added 2019/03/13 1:00 p.m., 197 views

Moderate: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS: 5.9 | AI score: 7 | EPSS: 0.04803
Exploits: 4 | References: 2
RedHat Linux
added 2019/03/13 1:00 p.m., 5 views

openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)

A microprocessor side-channel vulnerability was found on SMT (e.g., Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information...

CVSS: 4.7 | AI score: 6.6 | EPSS: 0.00844
Exploits: 4 | References: 6
IBM Security Bulletins
added 2019/02/19 5:40 p.m., 39 views

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that...

CVSS: 8.1 | AI score: 0.4 | EPSS: 0.05572
Exploits: 4 | Affected Software: 2
exploitpack
added 2019/02/15 12:00 a.m., 13 views

AirMore 1.6.1 - Denial of Service (PoC)

AirMore 1.6.1 - Denial of Service PoC !/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar AirMore 1.6.1 Remote Denial of Service DoS & System Freeze Exploit Title: AirMore 1.6.1 Remote Denial of Service DoS & System Freeze Date: 2019-02-14 Exploit Author: Marcelo Vázquez aka s4vita...

AI score: 7.3
Exploits: 0
Packet Storm
added 2019/02/15 12:00 a.m., 28 views

AirMore 1.6.1 Denial Of Service

!/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar AirMore 1.6.1 Remote Denial of Service DoS & System Freeze Exploit Title: AirMore 1.6.1 Remote Denial of Service DoS & System Freeze Date: 2019-02-14 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage:...

AI score: 7.4
Exploits: 0
Exploit DB
added 2019/02/14 12:00 a.m., 90 views

ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)

!/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar ApowerManager Remote Denial of Service DoS / Application Crash Exploit Title: ApowerManager - Phone Manager Remote Denial of Service DoS / Application Crash Date: 2019-02-14 Exploit Author: Marcelo Vázquez aka s4vitar Vendor...

AI score: 7.4
Exploits: 0
IBM Security Bulletins
added 2019/01/29 9:10 p.m., 57 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software

Summary Multiple Node.js vulnerabilities were disclosed by the Node.js project. Node.js is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details...

CVSS: 8.1 | AI score: 0.5 | EPSS: 0.05572
Exploits: 4 | Affected Software: 1
Tenable Nessus
added 2019/01/25 12:00 a.m., 298 views

OpenSSL 1.0.2 < 1.0.2q Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2q. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2q advisory. - Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a...

CVSS: 5.9 | AI score: 6.9 | EPSS: 0.05057
Exploits: 4 | References: 8
IBM Security Bulletins
added 2019/01/21 4:15 p.m., 34 views

Security Bulletin: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)

Summary IBM MessageSight has addressed the following vulnerability. A microprocessor side-channel vulnerability was found. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information that can result in leakage of secret da...

CVSS: 4.7 | AI score: 0.3 | EPSS: 0.00844
Exploits: 4 | Affected Software: 1
IBM Security Bulletins
added 2019/01/16 12:25 p.m., 29 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Node.js vulnerabilities were disclosed by the Node.js foundation. Node.js is used by IBM SDK for Node.j...

CVSS: 8.1 | AI score: 0.7 | EPSS: 0.05572
Exploits: 4 | Affected Software: 1
Tenable Nessus
added 2018/12/28 12:00 a.m., 44 views

EulerOS 2.0 SP3 : openssl110f (EulerOS-SA-2018-1434)

According to the version of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A microprocessor side-channel vulnerability was found on SMT (e.g., Hyper-Threading) architectures. An attacker running a malicious process on th...

CVSS: 4.7 | AI score: 7.4 | EPSS: 0.00844
Exploits: 4 | References: 2
Mageia
added 2018/11/27 3:26 p.m., 55 views

Updated openssl packages fix security vulnerabilities

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...

CVSS: 5.9 | AI score: 6 | EPSS: 0.05057
Exploits: 4 | References: 3
Slackware Linux
added 2018/11/22 6:43 a.m., 97 views

[slackware-security] openssl

New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2q-i586-1slack14.2.txz: Upgraded. This update fixes a timing side-channel flaw on processors which implement...

CVSS: 5.9 | AI score: 0.4 | EPSS: 0.05057
Exploits: 4
Fedora
added 2018/11/17 5:16 a.m., 21 views

[SECURITY] Fedora 29 Update: suricata-4.0.6-1.fc29

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.01143
Exploits: 0
Fedora
added 2018/11/17 2:08 a.m., 25 views

[SECURITY] Fedora 27 Update: suricata-4.0.6-1.fc27

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVSS: 9.8 | AI score: 0.2 | EPSS: 0.01143
Exploits: 0
Prion
added 2018/11/15 9:29 p.m., 28 views

Design/Logic Flaw

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...

CVSS: 1.9 | AI score: 5 | EPSS: 0.00844
Exploits: 4 | References: 28 | Affected Software: 20
OSV
added 2018/11/15 9:29 p.m., 2 views

DEBIAN-CVE-2018-5407

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...

CVSS: 4.7 | AI score: 7.3 | EPSS: 0.00844
Exploits: 4 | References: 1