Aliaksandr Hartsuyeu

83 exploits, active since Jan 2006
CVE-2006-1568 EXPLOITDB text WRITEUP
RedCMS 0.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters.
CVE-2006-1569 EXPLOITDB text WORKING POC
RedCMS 0.1 - SQL Injection
Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or (3) u parameter to (c) profile.php.
CVE-2006-0461 EXPLOITDB text WORKING POC
Pmachine Expressionengine - XSS
Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
CVE-2006-0409 EXPLOITDB text WRITEUP
Pixelpost Photoblog - XSS
Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup.
CVE-2006-0066 EXPLOITDB text WORKING POC
PHPjournaler 1.0 - SQL Injection
SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter.
CVE-2006-0075 EXPLOITDB text WORKING POC
phpBook <1.3.2 - Code Injection
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.
CVE-2006-4504 EXPLOITDB text WORKING POC
Nx5linx - SQL Injection
SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters.
CVE-2006-0076 EXPLOITDB text WRITEUP
oaBoard 1.0 - RCE
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
CVE-2006-4505 EXPLOITDB text WRITEUP
NX5Linx 1.0 - HTTP Response Splitting
CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter.
CVE-2006-0473 EXPLOITDB text WRITEUP
MY Little Homepage MY Little Weblog - XSS
Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
CVE-2006-0167 EXPLOITDB text WORKING POC
Myphpim - SQL Injection
SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page.
CVE-2006-0735 EXPLOITDB text WRITEUP
Fuzzymonkey MY Blog - XSS
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
CVE-2006-1755 EXPLOITDB text WORKING POC
MD News < - SQL Injection
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-0673 EXPLOITDB text WORKING POC
Reamday Enterprises Magic Calendar Lite - SQL Injection
Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameter.
CVE-2006-1334 EXPLOITDB text WORKING POC
Maian Weblog 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.
CVE-2006-1979 EXPLOITDB text WRITEUP
Manic WEB Mwguest - XSS
Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.
CVE-2006-0234 EXPLOITDB text WORKING POC
Microblog - SQL Injection
SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.
CVE-2006-0417 EXPLOITDB text WORKING POC
Mywebland Minibloggie < 1.0 - SQL Injection
SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.
EIP-2026-107668 EXPLOITDB text WRITEUP
HTML::BBCode 1.03/1.04 - HTML Injection
CVE-2006-0074 EXPLOITDB text WORKING POC
PHPenpals - SQL Injection
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.
CVE-2006-0088 EXPLOITDB text WORKING POC
Intouch - SQL Injection
SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2006-0249 EXPLOITDB text WORKING POC
Bitdamaged Geoblog - SQL Injection
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable).