Alexandr "Sh2kerr" Polyakov

12 exploits Active since Oct 2007
CVE-2007-6544 EXPLOITDB perl WORKING POC
RunCMS <1.6.1 - SQL Injection
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
CVE-2007-6544 EXPLOITDB perl WORKING POC
RunCMS <1.6.1 - SQL Injection
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
CVE-2008-0339 EXPLOITDB WORKING POC
Oracle Database <10.2.0.3 - Unknown Vuln
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.
EIP-2026-103797 EXPLOITDB text WORKING POC
Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (1)
CVE-2008-3983 EXPLOITDB text WORKING POC
Oracle Database <11.1.0.6 - Info Disclosure
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984.
CVE-2008-3984 EXPLOITDB text WORKING POC
Oracle Database <11.1.0.6 - Info Disclosure
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983.
EIP-2026-103614 EXPLOITDB WORKING POC
Oracle 10g R1 - xdb.xdb_pitrig_pkg Buffer Overflow (PoC)
EIP-2026-103801 EXPLOITDB WORKING POC
Oracle 10g R1 - 'PITRIG_TRUNCATE' Get Users Hash / PL/SQL Injection
EIP-2026-103802 EXPLOITDB WORKING POC
Oracle 10g R1 - xdb.xdb_pitrig_pkg PLSQL Injection (Change Sys Password)
EIP-2026-103800 EXPLOITDB WORKING POC
Oracle 10g R1 - 'pitrig_drop' Get Users Hash / PL/SQL Injection
CVE-2007-5508 EXPLOITDB text WORKING POC
Oracle Database Server - SQL Injection
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.
CVE-2007-5511 EXPLOITDB text WORKING POC
Oracle Database Server - SQL Injection
SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.