what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files from Jouko Pynnonen

Real NameJouko Pynnönen
Email addressprivate
Websiteklikki.info
First Active2000-09-19
Last Active2015-04-27
View User Profile
WordPress 4.2 Cross Site Scripting
Posted Apr 27, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress version 4.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ef94590cf5768ff21a652878473304f3150a74395f438f8b10ecd2800eee2c48
WordPress Yoast Google Analytics Cross Site Scripting
Posted Apr 21, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress Yoast Google Analytics plugin versions prior to 5.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6b96d28de3f357652545a0bed162424636126d5a3cec6ab77e597aa31454bbc8
Safari Cross-Domain Hijacking
Posted Apr 12, 2015
Authored by Jouko Pynnonen | Site klikki.fi

Details are included in this document for the 04/08/2015 path for Safari that addressed a cross-domain vulnerability.

tags | exploit
SHA-256 | 9f8ec067d40310ecc23e25b016e3f45ab775e1b132ddc241efdac303005fee15
Yoast Google Analytics Stored Cross Site Scripting
Posted Mar 20, 2015
Authored by Jouko Pynnonen | Site klikki.fi

The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d6d78da9aaf708477febf5b28d9b24d0e4b006ac9e957ab5384d4581c4a5a06a
WordPress WPML Missing Authentication
Posted Mar 14, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress WPML plugin versions prior to 3.1.9 have unauthenticated administrative functions.

tags | exploit
SHA-256 | 0a2518539a06a70aa78f5740edcb4275c2176dc14cbf7201657500421e52a7bd
WordPress WPML XSS / Deletion / SQL Injection
Posted Mar 13, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress WPML plugin versions prior to 3.1.9.1 suffer from remote SQL injection, cross site scripting, and page/post/menu deletion vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ba54a3b1a46db6292b5bd15e0b1a454fed02128f7e7bf7ce3995d4fa7d872962
WordPress 3.9.2 Cross Site Scripting
Posted Nov 21, 2014
Authored by Jouko Pynnonen | Site klikki.fi

A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These do not require authentication by default.

tags | advisory, javascript, xss
SHA-256 | 02864c8b1d8ce4fe8f2269a04a424fa54ebc581ac541b6681c57d7abdb8251f1
facebook-inject.txt
Posted Jul 10, 2008
Authored by Jouko Pynnonen | Site klikki.fi

Multiple Facebook script insertion vulnerabilities have been recently discovered.

tags | advisory, vulnerability
SHA-256 | 0b280c47896700599c8eea79d7d24afcb7ccd9a99aec5d9ec811ed9aaf8db8b2
facebook-xss.txt
Posted Jun 20, 2008
Authored by Jouko Pynnonen | Site klikki.fi

The Facebook fb:silverlight FBML tag suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 12ce66213e05ec6e311c300a52ea6a73436286c058c21c6733c9f54c32e0d897
lotusApplets.txt
Posted Oct 12, 2006
Authored by Jouko Pynnonen | Site klikki.fi

Lotus Notes versions below 6.5.4 and 6.0.5 suffer from multiple vulnerabilities having to do with Java Applets.

tags | advisory, java, vulnerability
SHA-256 | 188ae90a30e7d9541579af061add5af04f503a733924b2d8a5170fb390ddfcc7
javaWebStart.txt
Posted Mar 22, 2005
Authored by Jouko Pynnonen | Site klikki.fi

Java Web Start has a vulnerability in the way it handles Java system properties defined in JNLP files. Java Web Start in J2SE 1.4.2 releases prior 1.4.2_07 are vulnerable.

tags | advisory, java, web
SHA-256 | 7b55e1edf101d62651e22316ec22895bf6bf5ef0afb47130e02250fe4324a5ed
sunjava.txt
Posted Dec 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

A vulnerability in Java Plugin allows an attacker to create an Applet which can disable Java's security restrictions and break out of the Java sandbox. The attack can be launched when a victim views a web page created by the attacker. Further user interaction is not required as Java Applets are normally loaded and started automatically. Versions affected are below 1.4.2_06.

tags | advisory, java, web
SHA-256 | 3fc1aebf9c24ebd6d4a7590deec5c1bd21fa4d2e6d42b587ee39c12de45f3036
iDEFENSE Security Advisory 2004-11-22.t
Posted Nov 24, 2004
Authored by Jouko Pynnonen, iDefense Labs | Site klikki.fi

iDEFENSE Security Advisory 11.22.04 - J2SE prior to v1.4.2_06 contains serious remote vulnerabilities which allow applets loaded in browsers to load an unsafe class, and write to any file on a users system. IE, Mozilla, and Firefox can lead to compromise on Linux and Windows systems if a malicious web page is loaded.

tags | advisory, remote, web, vulnerability
systems | linux, windows
advisories | CVE-2004-1029
SHA-256 | b770dc7b3597a8eddba091ed48f8c2ebe227fb5643add55bafe7f720d7437c26
lotus.inject.txt
Posted Jun 27, 2004
Authored by Jouko Pynnonen | Site klikki.fi

During the client-side Windows installation of Lotus Notes, a notes: URL handler is registered in the registry. An argument injection attack allows an intruder to pass command line arguments to notes.exe, which can lead to execution of arbitrary code.

tags | advisory, arbitrary, registry
systems | windows
SHA-256 | 7f1d5d7fa6e4854573d335dc29ba01617e06478c0fbeabab00dc2a8338959037
outlook032004.txt
Posted Mar 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

Microsoft Outlook contains a vulnerability which allows execution of arbitrary code when a victim user views a web page or an e-mail message created by an attacker. According to Microsoft the affected supported versions are Microsoft Office XP SP2 and Microsoft Outlook 2002 SP 2. Some earlier versions are vulnerable too, but not supported by the vendor.

tags | advisory, web, arbitrary
SHA-256 | a99f1c18ee04688594c6a52ed176afb519764b78f2f8e40fa19a9bee468e49b3
realplayer.traversal.txt
Posted Feb 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

When adding a skin file to RealPlayer, if the filename contains a directory traversal, a remote attacker may get files deployed onto the machine anywhere in the system. According to RealNetworks the flaw affects RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, RealPlayer Enterprise.

tags | advisory, remote
SHA-256 | d25313a1a0f691a8c4a75087079a2a861c83f7292dfcc16b5045c7d5b0ef2c7a
opera722.txt
Posted Nov 25, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Two vulnerabilities were found in the Opera web browser versions up to 7.22. Both are related to skin files, with one being a directory traversal attack that allows an attacker to upload a file to a victim's machine while the other is a buffer overflow in the skin file handling.

tags | advisory, web, overflow, vulnerability
SHA-256 | 1fe7a3b278a5f299a11bc53c79e45f6df58c6100dbd0c6ca31456d8ee6312569
iDEFENSE Security Advisory 2003-07-29.t
Posted Jul 29, 2003
Authored by Jouko Pynnonen, iDefense Labs | Site klikki.fi

iDEFENSE Security Advisory 07.29.03: A locally exploitable buffer overflow exists in the ld.so.1 dynamic runtime linker in Sun's Solaris operating system. The LD_PRELOAD variable can be passed a large value, which will cause the runtime linker to overflow a stack based buffer.

tags | advisory, overflow
systems | solaris
advisories | CVE-2003-0609
SHA-256 | d8980a0f0ad83ec39a5c9e1bb61a448ba42a0962cdcf38b33b5dde750fc4a931
wmedia.skin.txt
Posted May 9, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Windows Media Player versions 7 and 8 are vulnerable to a directory traversal attack when skin files are downloaded from Internet. The vulnerability allows malicious users to upload an arbitrary file to an arbitrary location when a victim user views a web page.

tags | advisory, web, arbitrary
systems | windows
SHA-256 | 6830f8477260f63dd614d39ad9542f854621edd6549ee5f678a0dddd09b987a6
tomcat-null-byte.txt
Posted Jan 31, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Apache Tomcat can be tricked to disclose files, directory listings and unprocessed JSP files. This issue affects Apache Tomcat version 3.3.1 and earlier. Tomcat users should upgrade to version 3.3.1a.

tags | advisory
SHA-256 | d53725d1e508b8d13aaa142c7e45373e1c4216348fe76af9dc8196021b9abf4b
ncurses-overflow.txt
Posted Oct 11, 2000
Authored by Jouko Pynnonen | Site klikki.fi

The ncurses library v4.2 and 5.0 contains exploitable buffer overflows which can be used to gain additional priveledge if there are SUID programs which use ncurses and the library implementation supports ~/.terminfo. Vulnerable programs found so far include Red Hat and SuSE cda, FreeBSD /usr/bin/systat, and OpenBSD /usr/bin/systat.

tags | exploit, overflow
systems | linux, redhat, freebsd, suse, openbsd
SHA-256 | cd14250aa0648fdf5f3d589e34c08c13e7c735b8731d2b965eb799837ca4e257
klogd-linux.txt
Posted Sep 19, 2000
Authored by Jouko Pynnonen | Site klikki.fi

Kernel logging daemon klogd in the sysklogd package for Linux contains a "format bug" making it vulnerable to local root compromise (successfully tested on Linux/x86). There's also a possibility for remote vulnerability under certain (rather unprobable) circumstances and a more probable semi-remote exploitableness with knfsd.

tags | exploit, remote, x86, kernel, local, root
systems | linux
SHA-256 | 2ecbd0ed65cc65018f64e392edb56708bf8a2ff389e963f1c9c260946bd00f25
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close