John J Hacking

Security Research

This section details organizations hacked and lists my relevant CVES. The list will usually be incomplete due to NDA.

Organizations Hacked

Practice Fusion

Department of State

State of Iowa

John Deere

Scott's Miracle Grow

Ubisoft

Walmart

iFood

Uber

Monash University

Government of India

Ford

Department of Homeland Security

United Nations Environment Programme

International Labour Organization

Keybase

Twitter

Parler

TCL

Jack Daniel's

Credit Karma

Dell

Twilio SendGrid

Talkspace

Opera

Neopets

Zynga

Tripadvisor

Telefónica

Upwork

SurveyMonkey

HealthifyMe

AppsFlyer

CVEs

CVE-2022-27226: CSRF to RCE in iRZ Mobile Routers through 2022-03-16

CVE-2021-45919: Studio 42 elFinder ≤ 2.1.31 Stored Cross-Site Scripting

CVE-2021-3442: Keybase Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-43032: XenForo ≤ 2.2.7 Stored XSS

CVE-2021-40875: Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulting in sensitive information exposure

CVE-2021-24495: Marmoset Viewer WordPress plugin < 1.9.3 Reflected XSS

CVE-2021-29662: Perl Data::Validate::IP Module Access Control Bypass

CVE-2021-27653: Pega Systems Improper Access Control

CVE-2021-28918: npm Netmask SSRF Bypass

CVE-2021-23827: Keybase Client Cleartext Storage of Sensitive Information

CVE-2020-27388: YOURLS 1.5 - 1.7.10, Multiple Stored Cross Site Scripting (XSS) Vulnerabilities in Admin Panel

CVE-2020-28360: npm private-ip SSRF Bypass (IP Phone Home)

CVE-2020-27403: TCL Android Smart TV Exposed File System Via HTTP

CVE-2020-28055: TCL Android Smart TV File Write Local Privilege Escalation