Real Name | Jouko Pynnönen |
---|---|
Email address | private |
Website | klikki.info |
First Active | 2000-09-19 |
Last Active | 2024-08-31 |
A vulnerability exists in versions of OSX, iOS, and Windows Safari released before April 8, 2015 that allows the non-HTTPOnly cookies of any domain to be stolen.
4a33fb3750429fbc48b60b65f9266ada10b36414af7a3f3d44b49aac0e5a6e4f
WordPress version 4.2 suffers from a persistent cross site scripting vulnerability.
ef94590cf5768ff21a652878473304f3150a74395f438f8b10ecd2800eee2c48
WordPress Yoast Google Analytics plugin versions prior to 5.4 suffer from a cross site scripting vulnerability.
6b96d28de3f357652545a0bed162424636126d5a3cec6ab77e597aa31454bbc8
Details are included in this document for the 04/08/2015 path for Safari that addressed a cross-domain vulnerability.
9f8ec067d40310ecc23e25b016e3f45ab775e1b132ddc241efdac303005fee15
The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.
d6d78da9aaf708477febf5b28d9b24d0e4b006ac9e957ab5384d4581c4a5a06a
WordPress WPML plugin versions prior to 3.1.9 have unauthenticated administrative functions.
0a2518539a06a70aa78f5740edcb4275c2176dc14cbf7201657500421e52a7bd
WordPress WPML plugin versions prior to 3.1.9.1 suffer from remote SQL injection, cross site scripting, and page/post/menu deletion vulnerabilities.
ba54a3b1a46db6292b5bd15e0b1a454fed02128f7e7bf7ce3995d4fa7d872962
A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These do not require authentication by default.
02864c8b1d8ce4fe8f2269a04a424fa54ebc581ac541b6681c57d7abdb8251f1
Multiple Facebook script insertion vulnerabilities have been recently discovered.
0b280c47896700599c8eea79d7d24afcb7ccd9a99aec5d9ec811ed9aaf8db8b2
The Facebook fb:silverlight FBML tag suffers from a persistent cross site scripting vulnerability.
12ce66213e05ec6e311c300a52ea6a73436286c058c21c6733c9f54c32e0d897
Lotus Notes versions below 6.5.4 and 6.0.5 suffer from multiple vulnerabilities having to do with Java Applets.
188ae90a30e7d9541579af061add5af04f503a733924b2d8a5170fb390ddfcc7
Java Web Start has a vulnerability in the way it handles Java system properties defined in JNLP files. Java Web Start in J2SE 1.4.2 releases prior 1.4.2_07 are vulnerable.
7b55e1edf101d62651e22316ec22895bf6bf5ef0afb47130e02250fe4324a5ed
A vulnerability in Java Plugin allows an attacker to create an Applet which can disable Java's security restrictions and break out of the Java sandbox. The attack can be launched when a victim views a web page created by the attacker. Further user interaction is not required as Java Applets are normally loaded and started automatically. Versions affected are below 1.4.2_06.
3fc1aebf9c24ebd6d4a7590deec5c1bd21fa4d2e6d42b587ee39c12de45f3036
iDEFENSE Security Advisory 11.22.04 - J2SE prior to v1.4.2_06 contains serious remote vulnerabilities which allow applets loaded in browsers to load an unsafe class, and write to any file on a users system. IE, Mozilla, and Firefox can lead to compromise on Linux and Windows systems if a malicious web page is loaded.
b770dc7b3597a8eddba091ed48f8c2ebe227fb5643add55bafe7f720d7437c26
During the client-side Windows installation of Lotus Notes, a notes: URL handler is registered in the registry. An argument injection attack allows an intruder to pass command line arguments to notes.exe, which can lead to execution of arbitrary code.
7f1d5d7fa6e4854573d335dc29ba01617e06478c0fbeabab00dc2a8338959037
Microsoft Outlook contains a vulnerability which allows execution of arbitrary code when a victim user views a web page or an e-mail message created by an attacker. According to Microsoft the affected supported versions are Microsoft Office XP SP2 and Microsoft Outlook 2002 SP 2. Some earlier versions are vulnerable too, but not supported by the vendor.
a99f1c18ee04688594c6a52ed176afb519764b78f2f8e40fa19a9bee468e49b3
When adding a skin file to RealPlayer, if the filename contains a directory traversal, a remote attacker may get files deployed onto the machine anywhere in the system. According to RealNetworks the flaw affects RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, RealPlayer Enterprise.
d25313a1a0f691a8c4a75087079a2a861c83f7292dfcc16b5045c7d5b0ef2c7a
Two vulnerabilities were found in the Opera web browser versions up to 7.22. Both are related to skin files, with one being a directory traversal attack that allows an attacker to upload a file to a victim's machine while the other is a buffer overflow in the skin file handling.
1fe7a3b278a5f299a11bc53c79e45f6df58c6100dbd0c6ca31456d8ee6312569
iDEFENSE Security Advisory 07.29.03: A locally exploitable buffer overflow exists in the ld.so.1 dynamic runtime linker in Sun's Solaris operating system. The LD_PRELOAD variable can be passed a large value, which will cause the runtime linker to overflow a stack based buffer.
d8980a0f0ad83ec39a5c9e1bb61a448ba42a0962cdcf38b33b5dde750fc4a931
Windows Media Player versions 7 and 8 are vulnerable to a directory traversal attack when skin files are downloaded from Internet. The vulnerability allows malicious users to upload an arbitrary file to an arbitrary location when a victim user views a web page.
6830f8477260f63dd614d39ad9542f854621edd6549ee5f678a0dddd09b987a6
Apache Tomcat can be tricked to disclose files, directory listings and unprocessed JSP files. This issue affects Apache Tomcat version 3.3.1 and earlier. Tomcat users should upgrade to version 3.3.1a.
d53725d1e508b8d13aaa142c7e45373e1c4216348fe76af9dc8196021b9abf4b
The ncurses library v4.2 and 5.0 contains exploitable buffer overflows which can be used to gain additional priveledge if there are SUID programs which use ncurses and the library implementation supports ~/.terminfo. Vulnerable programs found so far include Red Hat and SuSE cda, FreeBSD /usr/bin/systat, and OpenBSD /usr/bin/systat.
cd14250aa0648fdf5f3d589e34c08c13e7c735b8731d2b965eb799837ca4e257
Kernel logging daemon klogd in the sysklogd package for Linux contains a "format bug" making it vulnerable to local root compromise (successfully tested on Linux/x86). There's also a possibility for remote vulnerability under certain (rather unprobable) circumstances and a more probable semi-remote exploitableness with knfsd.
2ecbd0ed65cc65018f64e392edb56708bf8a2ff389e963f1c9c260946bd00f25