
Files from Jouko Pynnonen

Real Name: Jouko Pynnönen
Email address: private
Website: klikki.info
First Active: 2000-09-19
Last Active: 2015-04-27

WordPress 4.2 Cross Site Scripting
Posted Apr 27, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress version 4.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 27519b865c9c00195a89fd8e9072caba
WordPress Yoast Google Analytics Cross Site Scripting
Posted Apr 21, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress Yoast Google Analytics plugin versions prior to 5.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a3ca19bfeb8216dbb6bbe695834f4ee9
Safari Cross-Domain Hijacking
Posted Apr 12, 2015
Authored by Jouko Pynnonen | Site klikki.fi

Details are included in this document for the 04/08/2015 patch for Safari that addressed a cross-domain vulnerability.

tags | exploit
MD5 | 13c140797f94a16300b76b43d2797ba2
Yoast Google Analytics Stored Cross Site Scripting
Posted Mar 20, 2015
Authored by Jouko Pynnonen | Site klikki.fi

The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5685c927d3a6f1b4721f023d1a424a8d
WordPress WPML Missing Authentication
Posted Mar 14, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress WPML plugin versions prior to 3.1.9 have unauthenticated administrative functions.

tags | exploit
MD5 | e49a6281930bce4df887f454ca5a5504
WordPress WPML XSS / Deletion / SQL Injection
Posted Mar 13, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress WPML plugin versions prior to 3.1.9.1 suffer from remote SQL injection, cross site scripting, and page/post/menu deletion vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | a22d22991a043270f96f8e41fed347f9
WordPress 3.9.2 Cross Site Scripting
Posted Nov 21, 2014
Authored by Jouko Pynnonen | Site klikki.fi

A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These do not require authentication by default.

tags | advisory, javascript, xss
MD5 | 0f7f12faafeedc2e7b0977984f3b5a0a
facebook-inject.txt
Posted Jul 10, 2008
Authored by Jouko Pynnonen | Site klikki.fi

Multiple Facebook script insertion vulnerabilities have been recently discovered.

tags | advisory, vulnerability
MD5 | 90ab81a70a18711008cf9faf9aced85a
facebook-xss.txt
Posted Jun 20, 2008
Authored by Jouko Pynnonen | Site klikki.fi

The Facebook fb:silverlight FBML tag suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
MD5 | ceb2553c62df84f3c436e234aeac382b
lotusApplets.txt
Posted Oct 12, 2006
Authored by Jouko Pynnonen | Site klikki.fi

Lotus Notes versions below 6.5.4 and 6.0.5 suffer from multiple vulnerabilities having to do with Java Applets.

tags | advisory, java, vulnerability
MD5 | 62b31aee8f7e335e5bf9356eca15eae2
javaWebStart.txt
Posted Mar 22, 2005
Authored by Jouko Pynnonen | Site klikki.fi

Java Web Start has a vulnerability in the way it handles Java system properties defined in JNLP files. Java Web Start in J2SE 1.4.2 releases prior to 1.4.2_07 is vulnerable.

tags | advisory, java, web
MD5 | 4f32e9a7fd5480354d5daa13cefc7891
sunjava.txt
Posted Dec 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

A vulnerability in Java Plugin allows an attacker to create an Applet which can disable Java's security restrictions and break out of the Java sandbox. The attack can be launched when a victim views a web page created by the attacker. Further user interaction is not required as Java Applets are normally loaded and started automatically. Versions affected are below 1.4.2_06.

tags | advisory, java, web
MD5 | cfc32dc03acc5ffbde59bf5570ae0aca
iDEFENSE Security Advisory 2004-11-22.t
Posted Nov 24, 2004
Authored by Jouko Pynnonen, iDefense Labs | Site klikki.fi

iDEFENSE Security Advisory 11.22.04 - J2SE prior to v1.4.2_06 contains serious remote vulnerabilities which allow applets loaded in browsers to load an unsafe class and write to any file on a user's system. Loading a malicious web page in IE, Mozilla, or Firefox can lead to compromise on Linux and Windows systems.

tags | advisory, remote, web, vulnerability
systems | linux, windows
advisories | CVE-2004-1029
MD5 | 589ce64427e67a02d8109eeaf1fd0809
lotus.inject.txt
Posted Jun 27, 2004
Authored by Jouko Pynnonen | Site klikki.fi

During the client-side Windows installation of Lotus Notes, a notes: URL handler is registered in the registry. An argument injection attack allows an intruder to pass command line arguments to notes.exe, which can lead to execution of arbitrary code.

tags | advisory, arbitrary, registry
systems | windows
MD5 | 2fd0f23c99e3a334d8b5d70d022b19b8
outlook032004.txt
Posted Mar 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

Microsoft Outlook contains a vulnerability which allows execution of arbitrary code when a victim user views a web page or an e-mail message created by an attacker. According to Microsoft the affected supported versions are Microsoft Office XP SP2 and Microsoft Outlook 2002 SP 2. Some earlier versions are vulnerable too, but not supported by the vendor.

tags | advisory, web, arbitrary
MD5 | a786f33a68425d0d583bd412ca29aeb1
realplayer.traversal.txt
Posted Feb 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

When adding a skin file to RealPlayer, if the filename contains a directory traversal sequence, a remote attacker may get files deployed onto the machine anywhere in the system. According to RealNetworks the flaw affects RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, and RealPlayer Enterprise.

tags | advisory, remote
MD5 | 71432a1df8d16c4d162d0cbfbcef0b60
opera722.txt
Posted Nov 25, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Two vulnerabilities were found in the Opera web browser versions up to 7.22. Both are related to skin files, with one being a directory traversal attack that allows an attacker to upload a file to a victim's machine while the other is a buffer overflow in the skin file handling.

tags | advisory, web, overflow, vulnerability
MD5 | 8021b039c337a9b27a5ea27d4cc63157
iDEFENSE Security Advisory 2003-07-29.t
Posted Jul 29, 2003
Authored by Jouko Pynnonen, iDefense Labs | Site klikki.fi

iDEFENSE Security Advisory 07.29.03: A locally exploitable buffer overflow exists in the ld.so.1 dynamic runtime linker in Sun's Solaris operating system. The LD_PRELOAD variable can be passed a large value, which will cause the runtime linker to overflow a stack based buffer.

tags | advisory, overflow
systems | solaris
advisories | CVE-2003-0609
MD5 | e72d48324cb88671474e05cf35b5582b
wmedia.skin.txt
Posted May 9, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Windows Media Player versions 7 and 8 are vulnerable to a directory traversal attack when skin files are downloaded from the Internet. The vulnerability allows malicious users to upload an arbitrary file to an arbitrary location when a victim user views a web page.

tags | advisory, web, arbitrary
systems | windows
MD5 | 29c1ca44e838d70bd75e8ead3c24ff0e
tomcat-null-byte.txt
Posted Jan 31, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Apache Tomcat can be tricked into disclosing files, directory listings and unprocessed JSP files. This issue affects Apache Tomcat version 3.3.1 and earlier. Tomcat users should upgrade to version 3.3.1a.

tags | advisory
MD5 | 0711dd25c34bb121e569a2a04f39eb7e
ncurses-overflow.txt
Posted Oct 11, 2000
Authored by Jouko Pynnonen | Site klikki.fi

The ncurses library versions 4.2 and 5.0 contain exploitable buffer overflows which can be used to gain additional privileges if there are SUID programs which use ncurses and the library implementation supports ~/.terminfo. Vulnerable programs found so far include Red Hat and SuSE cda, FreeBSD /usr/bin/systat, and OpenBSD /usr/bin/systat.

tags | exploit, overflow
systems | linux, redhat, freebsd, suse, openbsd
MD5 | c3b548c12a83e24f6f0c3e86a37ac41c
klogd-linux.txt
Posted Sep 19, 2000
Authored by Jouko Pynnonen | Site klikki.fi

The kernel logging daemon klogd in the sysklogd package for Linux contains a "format bug" making it vulnerable to local root compromise (successfully tested on Linux/x86). There is also a possibility of remote exploitation under certain (rather improbable) circumstances, and a more probable semi-remote exploitability with knfsd.

tags | exploit, remote, x86, kernel, local, root
systems | linux
MD5 | b952c5401dce463209aa95939835ebe9

© 2018 Packet Storm. All rights reserved.
