CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52.0 std::net and below results in indeterminate SSRF & RFI vulnerabilities.
Title CVE-2021-29922 rust standard library "net" - Improper Input Validation of octal literals in rust 1.52.0 std::net and below results...
Sick Codes @ DEF CON 29 August 5-8 2021!
Pleased to announce we will be speaking at two talks this year at DEF CON 29 conference in Las Vegas,...
CVE-2021-27616 – SAP Business One Hana (Chef Cookbook) – Exposure of Backup File to an Unauthorized Control Sphere via Insecure Temporary File Storage.
Title SAP Business One Hana (Chef Cookbook) - Exposure of Backup File to an Unauthorized Control Sphere via Insecure Temporary...
CVE-2021-27614 – SAP Business One Hana (Chef Cookbook) – Incorrect Permission Assignment for Critical Resources – Root Privilege Escalation Vulnerability
Title SAP Business One Hana (Chef Cookbook) - Incorrect Permission Assignment for Critical Resources - Root Privilege Escalation Vulnerability CVE...
CVE-2021-27613 – SAP Business One Hana (Chef Cookbook) – Insecure Temporary File For Incoming & Outgoing Payroll Data – SAP Business One Chef Cookbook.
Title SAP Business One Hana (Chef Cookbook) - Insecure Temporary File For Incoming & Outgoing Payroll Data - SAP Business...
CVE-2021-27231 – Hestia Control Panel 1.4.0 and below – Subdomain Takeover – Improper Privilege Management
Title Hestia Control Panel 1.4.0 and below - Subdomain Takeover - Improper Privilege Management CVE ID CVE-2021-27231 CVSS Score 5.4...
CVE-2021-29921 – python stdlib “ipaddress” – Improper Input Validation of octal literals in python 3.8.0 thru v3.10 results in indeterminate SSRF & RFI vulnerabilities. — “ipaddress leading zeros in IPv4 address”
Title python stdlib "ipaddress" - Improper Input Validation of octal literals in python 3.8.0 thru v3.10 results in indeterminate SSRF...
Leaky John Deere API’s: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cade.
Discovering who owns John Deere tractors, harvesters, and implements. What farm they are at. How old they are. And how...
SICK-2021-031 – John Deere Operations Center – Improper Authorization Allows Exposure of Sensitive Information to an Unauthorized Actor via Farming Equipment VIN API – iOS 5.1.2 and below, Android 5.1.4 and below, Web App
Title SICK-2021-031 - John Deere Operations Center - Improper Authorization Allows Exposure of Sensitive Information to an Unauthorized Actor via...
SICK-2021-012 – John Deere Account Portal – Information Disclosure – Rate Limitless Username Enumeration Via Unauthenticated Availability Look-ups.
Title John Deere Account Portal - Information Disclosure - Rate Limitless Username Enumeration Via Unauthenticated Availability Look-ups. CVE ID Not...