Jouko Pynnonen

10 exploits Active since Feb 2001
CVE-2015-2314 EXPLOITDB WRITEUP
Wpml < 3.1.8 - SQL Injection
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.
CVE-2015-2315 EXPLOITDB WRITEUP
Wpml < 3.1.8 - XSS
Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.
CVE-2015-1126 METASPLOIT ruby WORKING POC
WebKit - Info Disclosure
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
CVE-2003-0113 EXPLOITDB perl WORKING POC
Microsoft IE - Buffer Overflow
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
CVE-2001-0722 EXPLOITDB text WORKING POC
Internet Explorer <6.1 - Info Disclosure
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."
CVE-2004-2280 EXPLOITDB text WORKING POC
IBM Lotus Notes <6.5.3, <6.0.5 - Buffer Overflow
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.
CVE-2015-2791 EXPLOITDB text WRITEUP
Wpml < 3.1.8 - Access Control
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
EIP-2026-107361 EXPLOITDB bash WORKING POC
Geeklog 1.3.8 - Forgot Password SQL Injection
CVE-2001-0034 EXPLOITDB text WRITEUP
KTH Kerberos IV - Privilege Escalation
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.
CVE-2004-1029 EXPLOITDB text WRITEUP
Java JRE <1.4.2.04 - RCE
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.