Exploit Title: Smart Google Code Inserter < 3.5 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage: http://oturia.com/ Software Link: https://wordpress.org/plugins/smart-google-code-inserter/ Version: ...

I have recently got to know of the igloohome digital lock. It is completely offline and connects to the app via bluetooth only. No internet connection. One of the most puzzling features is that the owner can remotely generate a PIN code, valid for a certain duration, and have it be effective ...

SEC660 I recently had the opportunity to attend the SANS SEC660 course held in Singapore in October 2017. The course was conducted by Tim Medin and covered advanced penetration testing and exploit writing. SEC660 started off introducing ARP spoofing, SSL striping and IPv6 router advertisements ...

The possible XSS vulnerability can be found in version 3.1.1 of the Piwik software itself. The getHostname() function in piwik/vendor/piwik/network/src/IP.php does not sanitize the hostname before returning the value. This results in a possible XSS if Piwik itself or any plugins use the output ...

Exploit Title: Simple Student Result < 1.6.4 - Auth Bypass Google Dork: inurl:wp-content/plugins/simple-student-result Date: 21-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://ssr.saadamin.com/ Software Link: https://wordpress.org/plugins/simple-student-result/ Version: < 1.6.4 ...

Exploit Title: Wordpress Plugin Participants Database < 1.7.5.10 - XSS Google Dork: inurl:wp-content/plugins/participants-database/ Date: 01-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://xnau.com/ Software Link: https://wordpress.org/plugins/participants-database/ Version: ...