Alexandr Polyakov

35 exploits Active since Dec 2007
CVE-2008-0851 EXPLOITDB text WORKING POC
Dokeos e-learning_system 1.8.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.
CVE-2008-0360 EXPLOITDB text WRITEUP
BLOG:CMS 4.2.1b - SQL Injection via blogid, user, or field Parameter
Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.
CVE-2008-0332 EXPLOITDB text WORKING POC
aria 0.99-6 - Path Traversal via Page Parameter
Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
CVE-2009-1968 EXPLOITDB text WORKING POC
Oracle Database 10.1.8.3 - Cross-Site Scripting via Secure Enterprise Search Parameter
Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.
CVE-2008-1145 EXPLOITDB text WRITEUP
WEBrick <1.8.5-p115, 1.8.6-p114, 1.9-1.9.0-1 - Path Traversal
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
CVE-2009-1975 EXPLOITDB text WORKING POC
BEA Product Suite 10.3 - Info Disclosure
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package.
EIP-2026-103614 EXPLOITDB WORKING POC
Oracle 10g R1 - xdb.xdb_pitrig_pkg Buffer Overflow (PoC)
EIP-2026-102534 EXPLOITDB text WORKING POC
SAP NetWeaver 6.4/7.0 - 'wsnavigator' Cross-Site Scripting
CVE-2008-0605 EXPLOITDB text WORKING POC
AstroSoft HelpDesk < 1.95.228 - Cross-Site Scripting via txtSearch and Attach_Id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to operator/article/article_attachment.asp. NOTE: for vector 2, the XSS occurs in a forced SQL error message.
CVE-2008-0605 EXPLOITDB text WORKING POC
AstroSoft HelpDesk < 1.95.228 - Cross-Site Scripting via txtSearch and Attach_Id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to operator/article/article_attachment.asp. NOTE: for vector 2, the XSS occurs in a forced SQL error message.