Alexander Antipov

14 exploits Active since Dec 2003
CVE-2004-1563 EXPLOITDB text WRITEUP
W-agora - XSS
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
CVE-2004-1564 EXPLOITDB text WRITEUP
w-Agora 4.1.6a - CRLF Injection
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.
CVE-2004-1563 EXPLOITDB text WRITEUP
W-agora - XSS
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
CVE-2004-1563 EXPLOITDB text WRITEUP
W-agora - XSS
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
CVE-2004-1562 EXPLOITDB text WRITEUP
W-agora - SQL Injection
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.
EIP-2026-106384 EXPLOITDB text WRITEUP
DCP-Portal 3.7/4.x/5.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106385 EXPLOITDB text WORKING POC
DCP-Portal 3.7/4.x/5.x - Multiple HTML Injection Vulnerabilities
CVE-2004-2511 EXPLOITDB text WRITEUP
DCP-Portal <5.3.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
CVE-2004-2511 EXPLOITDB text WRITEUP
DCP-Portal <5.3.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
CVE-2004-2512 EXPLOITDB text WORKING POC
DCP-Portal <5.3.2 - HTTP Response Splitting
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
CVE-2004-2511 EXPLOITDB text WRITEUP
DCP-Portal <5.3.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
EIP-2026-106383 EXPLOITDB text WRITEUP
DCP-Portal 3.7/4.x/5.x - 'contents.php?cid' Cross-Site Scripting
CVE-2004-1441 EXPLOITDB text WRITEUP
Board Power - XSS
Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2003-1176 EXPLOITDB text WRITEUP
Web Wiz Forums <7.5 - Info Disclosure
post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.