Hacker News
- Netmask NPM package, used by 270k+ projects, vulnerable to octal input data https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/ 87 comments
- CVE-2022-28345 - Signal client for iOS versions 5.33.2 and below are vulnerable to RTLO Injection URI Spoofing using malicious URLs such as gepj.net/selif#/moc.elpmaxe which would appear as example.com/#files/ten.jpeg https://sick.codes/sick-2022-42/ 17 comments netsec
- CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack via excessive verbose logging – Windows, macOS, Linux https://sick.codes/sick-2021-111/ 6 comments netsec
- CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log (fixed in 1.28.x) https://sick.codes/sick-2021-109/ 4 comments netsec
- CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52 and below. (See comments for CVE-2021-29923 golang) https://sick.codes/sick-2021-015/ 17 comments netsec
- CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52 and below https://sick.codes/sick-2021-015 22 comments rust
- Leaky John Deere APIs: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cade https://sick.codes/leaky-john-deere-apis-serious-food-supply-chain-vulnerabilities-discovered-by-sick-codes-kevin-kenney-willie-cade/ 157 comments programming
- CVE-2021-29921 – python stdlib “ipaddress” – Improper Input Validation of octal literals in python 3.8.0+ results in indeterminate SSRF & RFI vulnerabilities. — “ipaddress leading zeros in IPv4 address” https://sick.codes/sick-2021-014/ 26 comments netsec
- Leaky John Deere APIs: Serious PII & Food Supply Chain Vulnerabilities Discovered In John Deere Website https://sick.codes/leaky-john-deere-apis-serious-food-supply-chain-vulnerabilities-discovered-by-sick-codes-kevin-kenney-willie-cade/ 39 comments netsec
- “netmask” npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918) https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/ 22 comments netsec
- Participate in Apple’s million dollar Bug Bounty program, without a real Mac (throwaway Hackintosh Dockers) https://sick.codes/is-hackintosh-osx-kvm-or-docker-osx-legal/ 43 comments netsec
- Finding a Vulnerability in Teamwork Cloud Server (NoMagic, 3DS), Which Is Used By Gov/Enterprise to Design Rockets, Missiles, and Satellites. https://sick.codes/finding-a-vulnerability-in-teamwork-cloud-server-nomagic-3ds-which-is-used-by-gov-enterprise-to-design-rockets-missiles-and-satellites/ 10 comments netsec
- Extraordinary Vulnerabilities Discovered in TCL Android TVs, Now World’s 3rd Largest TV Manufacturer. https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/ 108 comments netsec
- Brave Browser Potentially Logs The Last Time A Tor Window Was Used https://sick.codes/sick-2020-013/ 5 comments privacy
- Mass-produced TV Boxes + IoT Security don't mix: The TV Box market is a complete joke. Pre-rooted Android devices, ransomware-ready, vulnerable, adb always on, social logins, Play Store accounts, Netflix accounts, sibling/spouse/neighbor can hack your accounts. https://sick.codes/sick-2020-004/ 47 comments netsec