Showing 1 - 22 of 22

Files from Jouko Pynnonen

Real Name: Jouko Pynnönen
Email address: private
Website: klikki.info
First Active: 2000-09-19
Last Active: 2015-04-27

WordPress 4.2 Cross Site Scripting
Posted Apr 27, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress version 4.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ef94590cf5768ff21a652878473304f3150a74395f438f8b10ecd2800eee2c48
WordPress Yoast Google Analytics Cross Site Scripting
Posted Apr 21, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress Yoast Google Analytics plugin versions prior to 5.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6b96d28de3f357652545a0bed162424636126d5a3cec6ab77e597aa31454bbc8
Safari Cross-Domain Hijacking
Posted Apr 12, 2015
Authored by Jouko Pynnonen | Site klikki.fi

Details are included in this document for the 04/08/2015 patch for Safari that addressed a cross-domain vulnerability.

tags | exploit
SHA-256 | 9f8ec067d40310ecc23e25b016e3f45ab775e1b132ddc241efdac303005fee15
Yoast Google Analytics Stored Cross Site Scripting
Posted Mar 20, 2015
Authored by Jouko Pynnonen | Site klikki.fi

The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d6d78da9aaf708477febf5b28d9b24d0e4b006ac9e957ab5384d4581c4a5a06a
WordPress WPML Missing Authentication
Posted Mar 14, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress WPML plugin versions prior to 3.1.9 have unauthenticated administrative functions.

tags | exploit
SHA-256 | 0a2518539a06a70aa78f5740edcb4275c2176dc14cbf7201657500421e52a7bd
WordPress WPML XSS / Deletion / SQL Injection
Posted Mar 13, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress WPML plugin versions prior to 3.1.9.1 suffer from remote SQL injection, cross site scripting, and page/post/menu deletion vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ba54a3b1a46db6292b5bd15e0b1a454fed02128f7e7bf7ce3995d4fa7d872962
WordPress 3.9.2 Cross Site Scripting
Posted Nov 21, 2014
Authored by Jouko Pynnonen | Site klikki.fi

A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These do not require authentication by default.

tags | advisory, javascript, xss
SHA-256 | 02864c8b1d8ce4fe8f2269a04a424fa54ebc581ac541b6681c57d7abdb8251f1
facebook-inject.txt
Posted Jul 10, 2008
Authored by Jouko Pynnonen | Site klikki.fi

Multiple Facebook script insertion vulnerabilities have been recently discovered.

tags | advisory, vulnerability
SHA-256 | 0b280c47896700599c8eea79d7d24afcb7ccd9a99aec5d9ec811ed9aaf8db8b2
facebook-xss.txt
Posted Jun 20, 2008
Authored by Jouko Pynnonen | Site klikki.fi

The Facebook fb:silverlight FBML tag suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 12ce66213e05ec6e311c300a52ea6a73436286c058c21c6733c9f54c32e0d897
lotusApplets.txt
Posted Oct 12, 2006
Authored by Jouko Pynnonen | Site klikki.fi

Lotus Notes versions below 6.5.4 and 6.0.5 suffer from multiple vulnerabilities having to do with Java Applets.

tags | advisory, java, vulnerability
SHA-256 | 188ae90a30e7d9541579af061add5af04f503a733924b2d8a5170fb390ddfcc7
javaWebStart.txt
Posted Mar 22, 2005
Authored by Jouko Pynnonen | Site klikki.fi

Java Web Start has a vulnerability in the way it handles Java system properties defined in JNLP files. Java Web Start in J2SE 1.4.2 releases prior to 1.4.2_07 is vulnerable.

tags | advisory, java, web
SHA-256 | 7b55e1edf101d62651e22316ec22895bf6bf5ef0afb47130e02250fe4324a5ed
sunjava.txt
Posted Dec 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

A vulnerability in Java Plugin allows an attacker to create an Applet which can disable Java's security restrictions and break out of the Java sandbox. The attack can be launched when a victim views a web page created by the attacker. Further user interaction is not required as Java Applets are normally loaded and started automatically. Versions affected are below 1.4.2_06.

tags | advisory, java, web
SHA-256 | 3fc1aebf9c24ebd6d4a7590deec5c1bd21fa4d2e6d42b587ee39c12de45f3036
iDEFENSE Security Advisory 2004-11-22.t
Posted Nov 24, 2004
Authored by Jouko Pynnonen, iDefense Labs | Site klikki.fi

iDEFENSE Security Advisory 11.22.04 - J2SE prior to v1.4.2_06 contains serious remote vulnerabilities which allow applets loaded in browsers to load an unsafe class and write to any file on a user's system. Browsing with IE, Mozilla, and Firefox can lead to compromise on Linux and Windows systems if a malicious web page is loaded.

tags | advisory, remote, web, vulnerability
systems | linux, windows
advisories | CVE-2004-1029
SHA-256 | b770dc7b3597a8eddba091ed48f8c2ebe227fb5643add55bafe7f720d7437c26
lotus.inject.txt
Posted Jun 27, 2004
Authored by Jouko Pynnonen | Site klikki.fi

During the client-side Windows installation of Lotus Notes, a notes: URL handler is registered in the registry. An argument injection attack allows an intruder to pass command line arguments to notes.exe, which can lead to execution of arbitrary code.

tags | advisory, arbitrary, registry
systems | windows
SHA-256 | 7f1d5d7fa6e4854573d335dc29ba01617e06478c0fbeabab00dc2a8338959037
outlook032004.txt
Posted Mar 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

Microsoft Outlook contains a vulnerability which allows execution of arbitrary code when a victim user views a web page or an e-mail message created by an attacker. According to Microsoft the affected supported versions are Microsoft Office XP SP2 and Microsoft Outlook 2002 SP 2. Some earlier versions are vulnerable too, but not supported by the vendor.

tags | advisory, web, arbitrary
SHA-256 | a99f1c18ee04688594c6a52ed176afb519764b78f2f8e40fa19a9bee468e49b3
realplayer.traversal.txt
Posted Feb 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

When adding a skin file to RealPlayer, if the filename contains a directory traversal, a remote attacker may get files deployed onto the machine anywhere in the system. According to RealNetworks, the flaw affects RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, and RealPlayer Enterprise.

tags | advisory, remote
SHA-256 | d25313a1a0f691a8c4a75087079a2a861c83f7292dfcc16b5045c7d5b0ef2c7a
opera722.txt
Posted Nov 25, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Two vulnerabilities were found in the Opera web browser versions up to 7.22. Both are related to skin files, with one being a directory traversal attack that allows an attacker to upload a file to a victim's machine while the other is a buffer overflow in the skin file handling.

tags | advisory, web, overflow, vulnerability
SHA-256 | 1fe7a3b278a5f299a11bc53c79e45f6df58c6100dbd0c6ca31456d8ee6312569
iDEFENSE Security Advisory 2003-07-29.t
Posted Jul 29, 2003
Authored by Jouko Pynnonen, iDefense Labs | Site klikki.fi

iDEFENSE Security Advisory 07.29.03: A locally exploitable buffer overflow exists in the ld.so.1 dynamic runtime linker in Sun's Solaris operating system. The LD_PRELOAD variable can be passed a large value, which will cause the runtime linker to overflow a stack based buffer.

tags | advisory, overflow
systems | solaris
advisories | CVE-2003-0609
SHA-256 | d8980a0f0ad83ec39a5c9e1bb61a448ba42a0962cdcf38b33b5dde750fc4a931
wmedia.skin.txt
Posted May 9, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Windows Media Player versions 7 and 8 are vulnerable to a directory traversal attack when skin files are downloaded from the Internet. The vulnerability allows malicious users to upload an arbitrary file to an arbitrary location when a victim user views a web page.

tags | advisory, web, arbitrary
systems | windows
SHA-256 | 6830f8477260f63dd614d39ad9542f854621edd6549ee5f678a0dddd09b987a6
tomcat-null-byte.txt
Posted Jan 31, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Apache Tomcat can be tricked into disclosing files, directory listings and unprocessed JSP files. This issue affects Apache Tomcat version 3.3.1 and earlier. Tomcat users should upgrade to version 3.3.1a.

tags | advisory
SHA-256 | d53725d1e508b8d13aaa142c7e45373e1c4216348fe76af9dc8196021b9abf4b
ncurses-overflow.txt
Posted Oct 11, 2000
Authored by Jouko Pynnonen | Site klikki.fi

The ncurses library versions 4.2 and 5.0 contain exploitable buffer overflows which can be used to gain additional privileges if there are SUID programs which use ncurses and the library implementation supports ~/.terminfo. Vulnerable programs found so far include Red Hat and SuSE cda, FreeBSD /usr/bin/systat, and OpenBSD /usr/bin/systat.

tags | exploit, overflow
systems | linux, redhat, freebsd, suse, openbsd
SHA-256 | cd14250aa0648fdf5f3d589e34c08c13e7c735b8731d2b965eb799837ca4e257
klogd-linux.txt
Posted Sep 19, 2000
Authored by Jouko Pynnonen | Site klikki.fi

Kernel logging daemon klogd in the sysklogd package for Linux contains a "format bug" making it vulnerable to local root compromise (successfully tested on Linux/x86). There's also a possibility for remote vulnerability under certain (rather improbable) circumstances and a more probable semi-remote exploitability with knfsd.

tags | exploit, remote, x86, kernel, local, root
systems | linux
SHA-256 | 2ecbd0ed65cc65018f64e392edb56708bf8a2ff389e963f1c9c260946bd00f25