Jouko Pynnonen

10 exploits Active since Feb 2001
CVE-2015-2314 EXPLOITDB WRITEUP
WPML < 3.1.8 - SQL Injection via HTTP Referer Header
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.
CVE-2015-2315 EXPLOITDB WRITEUP
WPML < 3.1.8 - Cross-Site Scripting via Reminder Popup Target Parameter
Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.
CVE-2015-1126 METASPLOIT ruby WORKING POC
Apple iOS < 8.3 and Safari < 6.2.5 - Remote Resource Access via FTP URL Userinfo Field
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
CVE-2003-0113 EXPLOITDB perl WORKING POC
Microsoft IE - Buffer Overflow
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
CVE-2001-0722 EXPLOITDB text WORKING POC
Internet Explorer <6.1 - Info Disclosure
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."
CVE-2004-2280 EXPLOITDB text WORKING POC
IBM Lotus Notes <6.5.3, <6.0.5 - Buffer Overflow
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.
CVE-2015-2791 EXPLOITDB text WRITEUP
WPML < 3.1.8 - Unauthenticated Arbitrary Post Deletion via Menu Sync Function
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
EIP-2026-107361 EXPLOITDB bash WORKING POC
Geeklog 1.3.8 - Forgot Password SQL Injection
CVE-2001-0034 EXPLOITDB text WRITEUP
KTH Kerberos IV - Privilege Escalation
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.
CVE-2004-1029 EXPLOITDB text WRITEUP
JDK 1.4.2_01 and 1.4.2_04 - Remote Code Execution via Java Plugin Reflection API
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.