Security Research

This section lists the organizations I have hacked (under authorized engagements and bug bounty programs) and my relevant CVEs. The lists will usually be incomplete due to NDAs.

  • Organizations Hacked
    Practice Fusion
    Department of State
    State of Iowa
    John Deere
    Scott's Miracle Grow
    Ubisoft
    Walmart
    iFood
    Uber
    Monash University
    Government of India
    Ford
    Department of Homeland Security
    United Nations Environment Programme
    International Labour Organization
    Keybase
    Twitter
    Parler
    TCL
    Jack Daniel's
    Credit Karma
    Dell
    Twilio SendGrid
    Talkspace
    Opera
    Neopets
    Zynga
    Tripadvisor
    Telefónica
    Upwork
    SurveyMonkey
    HealthifyMe
    AppsFlyer
  • CVEs
    CVE-2022-27226: CSRF to RCE in iRZ Mobile Routers through 2022-03-16
    CVE-2021-45919: Studio 42 elFinder ≤ 2.1.31 Stored Cross-Site Scripting
    CVE-2021-3442: Keybase Exposure of Sensitive Information to an Unauthorized Actor
    CVE-2021-43032: XenForo ≤ 2.2.7 Stored XSS
    CVE-2021-40875: Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulting in sensitive information exposure
    CVE-2021-24495: Marmoset Viewer WordPress plugin < 1.9.3 Reflected XSS
    CVE-2021-29662: Perl Data::Validate::IP Module Access Control Bypass
    CVE-2021-27653: Pega Systems Improper Access Control
    CVE-2021-28918: npm Netmask SSRF Bypass
    CVE-2021-23827: Keybase Client Cleartext Storage of Sensitive Information
    CVE-2020-27388: YOURLS 1.5 - 1.7.10, Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Admin Panel
    CVE-2020-28360: npm private-ip SSRF Bypass (IP Phone Home)
    CVE-2020-27403: TCL Android Smart TV Exposed File System via HTTP
    CVE-2020-28055: TCL Android Smart TV File Write Local Privilege Escalation
Creative Commons CC-BY 2020 John Jackson