Aliaksandr Hartsuyeu

83 exploits Active since Jan 2006
CVE-2011-1060 EXPLOITDB text WRITEUP
WSN Guest 1.24 - SQL Injection via wsnuser Cookie
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.
EIP-2026-113436 EXPLOITDB text WORKING POC
WikLink 0.1.3 - Multiple SQL Injections
EIP-2026-113435 EXPLOITDB text WORKING POC
WikLink 0.1.3 - 'getURL.php' SQL Injection
CVE-2006-1543 EXPLOITDB text WORKING POC
VNews 1.2 - SQL Injection via loginvar Parameter
Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php.
CVE-2006-0160 EXPLOITDB text WORKING POC
Venom Board 1.22 - SQL Injection via parent root or topic_id Parameters
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.
CVE-2006-0324 EXPLOITDB text WORKING POC
WebspotBlogging 3.0 - SQL Injection via Login Username Parameter
SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php.
EIP-2026-113392 EXPLOITDB text WORKING POC
Wernhart Guestbook 2001.03.28 - Multiple SQL Injections
EIP-2026-113041 EXPLOITDB text WORKING POC
VEGO Links Builder 2.0 Login Script - SQL Injection
EIP-2026-113040 EXPLOITDB text WORKING POC
Vegas Forum 1.0 - 'Forumlib.php' SQL Injection
EIP-2026-113042 EXPLOITDB text WORKING POC
VEGO Web Forum 1.x - Theme_ID SQL Injection
CVE-2006-0103 EXPLOITDB text WRITEUP
TinyPHPForum <= 3.6 - Unauthenticated Exposure of Sensitive User Information via Web-Accessible Hash and Email Files
TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information.
CVE-2006-0135 EXPLOITDB text WRITEUP
TheWebForum < 1.2.1 - SQL Injection via Login Username Parameter
SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable).
CVE-2006-0209 EXPLOITDB text WORKING POC
TankLogger 2.4 - SQL Injection via livestock_id or tank_id Parameter
SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php.
CVE-2006-0491 EXPLOITDB text WORKING POC
szusermgnt 1.4 - SQL Injection via Username Parameter
SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-0691 EXPLOITDB text WRITEUP
TTS Time Tracking Software 3.0 - RCE
edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account.
EIP-2026-112301 EXPLOITDB text WORKING POC
Social Share - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-112298 EXPLOITDB text WRITEUP
Social Share - 'search' Cross-Site Scripting
EIP-2026-112299 EXPLOITDB text WRITEUP
Social Share - 'Username' SQL Injection
EIP-2026-112212 EXPLOITDB text WRITEUP
slickMsg - Cross-Site Scripting / HTML Injection
EIP-2026-112213 EXPLOITDB text WRITEUP
slickMsg 0.7-alpha - 'top.php' Cross-Site Scripting
EIP-2026-112300 EXPLOITDB text WRITEUP
Social Share - 'vote.php' HTTP Response Splitting
EIP-2026-112297 EXPLOITDB text WORKING POC
Social Share - 'postid' SQL Injection
CVE-2006-1568 EXPLOITDB text WRITEUP
RedCMS 0.1 - Cross-Site Scripting via Email, Location, or Website Parameters
Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters.
CVE-2006-0345 EXPLOITDB text WRITEUP
SaralBlog 1.0 - SQL Injection via Search Parameter
Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058.
CVE-2006-0079 EXPLOITDB text WORKING POC
ScozNet ScozBook BETA 1.1 - SQL Injection via Username Field
SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable).