No Result

View All Result

No Result

View All Result

No Result

View All Result

Security

Home Category Security

Security

CVE-2021-33669 – SAP Mobile SDK Certificate Provider – Insecure Temporary File Storage – Potential Symlink Attack & Denial of Service

October 4, 2021

Security

CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux

September 24, 2021 - Updated on October 4, 2021

Security

Sick Codes Speaking @ CornCon Cyber Security Conference September 10-11, 2021 in Bettendorf, Iowa!

August 27, 2021

Security

CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware /Brave-Browser/tor/data/tor.log

August 16, 2021 - Updated on October 4, 2021

Being “root” on two Agriculture Companies (in Good Faith). Maxing out the John Deere Operations Center Worldwide and Case Industrial in Brazil [Agricultural Security & Hacking]

by Sick Codes

August 9, 2021 - Updated on August 29, 2021

Over the weekend, we presented an undertaking by a group of researchers that decided to "just have a look" at...

CVE-2021-29923 – golang standard library “net” – Improper Input Validation of octal literals in golang 1.16.2 and below standard library “net” results in indeterminate SSRF & RFI vulnerabilities.

by Sick Codes

August 7, 2021 - Updated on October 4, 2021

Title CVE-2021-29923 golang standard library "net" - Improper Input Validation of octal literals in golang 1.16.2 and below standard library...

CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52.0 std::net and below results in indeterminate SSRF & RFI vulnerabilities.

by Sick Codes

August 7, 2021 - Updated on October 4, 2021

Title CVE-2021-29922 rust standard library "net" - Improper Input Validation of octal literals in rust 1.52.0 std::net and below results...

Sick Codes @ DEF CON 29 August 5-8 2021!

by Sick Codes

June 29, 2021 - Updated on August 7, 2021

Pleased to announce we will be speaking at two talks this year at DEF CON 29 conference in Las Vegas,...

SAP Business One Hana Chef Cookbook Vulnerability

CVE-2021-27616 – SAP Business One Hana (Chef Cookbook) – Exposure of Backup File to an Unauthorized Control Sphere via Insecure Temporary File Storage.

by Sick Codes

June 8, 2021 - Updated on June 12, 2021

Title SAP Business One Hana (Chef Cookbook) - Exposure of Backup File to an Unauthorized Control Sphere via Insecure Temporary...

CVE-2021-27614 – SAP Business One Hana (Chef Cookbook) – Incorrect Permission Assignment for Critical Resources – Root Privilege Escalation Vulnerability

by Sick Codes

June 8, 2021 - Updated on June 12, 2021

Title SAP Business One Hana (Chef Cookbook) - Incorrect Permission Assignment for Critical Resources - Root Privilege Escalation Vulnerability CVE...

CVE-2021-27613 – SAP Business One Hana (Chef Cookbook) – Insecure Temporary File For Incoming & Outgoing Payroll Data – SAP Business One Chef Cookbook.

by Sick Codes

June 8, 2021 - Updated on June 12, 2021

Title SAP Business One Hana (Chef Cookbook) - Insecure Temporary File For Incoming & Outgoing Payroll Data - SAP Business...

CVE-2021-27231 – Hestia Control Panel 1.4.0 and below – Subdomain Takeover – Improper Privilege Management

by Sick Codes

May 12, 2021

Title Hestia Control Panel 1.4.0 and below - Subdomain Takeover - Improper Privilege Management CVE ID CVE-2021-27231 CVSS Score 5.4...

python stdlib "ipaddress" CVE-2021-29921

CVE-2021-29921 – python stdlib “ipaddress” – Improper Input Validation of octal literals in python 3.8.0 thru v3.10 results in indeterminate SSRF & RFI vulnerabilities. — “ipaddress leading zeros in IPv4 address”

by Sick Codes

April 30, 2021 - Updated on October 4, 2021

Title python stdlib "ipaddress" - Improper Input Validation of octal literals in python 3.8.0 thru v3.10 results in indeterminate SSRF...

John Deere Account Portal - Information Disclosure - Rate Limitless Username Enumeration Via Unauthenticated Availability Look-ups

Leaky John Deere API’s: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cade.

by Sick Codes

April 22, 2021

Discovering who owns John Deere tractors, harvesters, and implements. What farm they are at. How old they are. And how...

Page 1 of 3 1 2 3 Next

No Result

View All Result

Security

CVE-2021-33669 – SAP Mobile SDK Certificate Provider – Insecure Temporary File Storage – Potential Symlink Attack & Denial of Service

CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux

Sick Codes Speaking @ CornCon Cyber Security Conference September 10-11, 2021 in Bettendorf, Iowa!

CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware /Brave-Browser/tor/data/tor.log

Being “root” on two Agriculture Companies (in Good Faith). Maxing out the John Deere Operations Center Worldwide and Case Industrial in Brazil [Agricultural Security & Hacking]

CVE-2021-29923 – golang standard library “net” – Improper Input Validation of octal literals in golang 1.16.2 and below standard library “net” results in indeterminate SSRF & RFI vulnerabilities.

CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52.0 std::net and below results in indeterminate SSRF & RFI vulnerabilities.

Sick Codes @ DEF CON 29 August 5-8 2021!

CVE-2021-27616 – SAP Business One Hana (Chef Cookbook) – Exposure of Backup File to an Unauthorized Control Sphere via Insecure Temporary File Storage.

CVE-2021-27614 – SAP Business One Hana (Chef Cookbook) – Incorrect Permission Assignment for Critical Resources – Root Privilege Escalation Vulnerability

CVE-2021-27613 – SAP Business One Hana (Chef Cookbook) – Insecure Temporary File For Incoming & Outgoing Payroll Data – SAP Business One Chef Cookbook.

CVE-2021-27231 – Hestia Control Panel 1.4.0 and below – Subdomain Takeover – Improper Privilege Management

CVE-2021-29921 – python stdlib “ipaddress” – Improper Input Validation of octal literals in python 3.8.0 thru v3.10 results in indeterminate SSRF & RFI vulnerabilities. — “ipaddress leading zeros in IPv4 address”

Leaky John Deere API’s: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cade.

@sickcodes

@sickcodes

@sickcodes

Discord Server

sickcodes.slack.com

t.me/sickcodeschat

./contact_form