Aliaksandr Hartsuyeu

83 exploits, active since Jan 2006
CVE-2006-1568 EXPLOITDB text WRITEUP
RedCMS 0.1 - Cross-Site Scripting via Email, Location, or Website Parameters
Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters.
CVE-2006-1569 EXPLOITDB text WORKING POC
RedCMS 0.1 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or (3) u parameter to (c) profile.php.
CVE-2006-0461 EXPLOITDB text WORKING POC
ExpressionEngine 1.4.1 - Cross-Site Scripting via HTTP_REFERER Header
Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
CVE-2006-0409 EXPLOITDB text WRITEUP
Pixelpost Photoblog 1.4.3 - Stored Cross-Site Scripting via Add Comment Field
Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup.
CVE-2006-0066 EXPLOITDB text WORKING POC
PHPjournaler 1.0 - SQL Injection via readold Parameter
SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter.
CVE-2006-0075 EXPLOITDB text WORKING POC
GNU phpBook <= 1.3.2 - Remote Code Execution via Email Field
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.
CVE-2006-4504 EXPLOITDB text WORKING POC
NX5Linx 1.0 - SQL Injection via c and l Parameters
SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters.
CVE-2006-0076 EXPLOITDB text WRITEUP
oaBoard 1.0 - Remote Code Execution
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
CVE-2006-4505 EXPLOITDB text WRITEUP
NX5Linx 1.0 - HTTP Response Splitting
CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter.
CVE-2006-0473 EXPLOITDB text WRITEUP
my little homepage my little weblog - Cross-Site Scripting via BBcode Link Tag
Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
CVE-2006-0167 EXPLOITDB text WORKING POC
MyPhPim 01.05 - SQL Injection via cal_id Parameter or Login Password Field
SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page.
CVE-2006-0735 EXPLOITDB text WRITEUP
Fuzzymonkey MY Blog - XSS
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
CVE-2006-1755 EXPLOITDB text WORKING POC
MD News 1 - SQL Injection via id Parameter
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-0673 EXPLOITDB text WORKING POC
Magic Calendar Lite 1.02 - SQL Injection via $total_login and $total_password Parameters
Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameter.
CVE-2006-1334 EXPLOITDB text WORKING POC
Maian Weblog 2.0 - SQL Injection via Entry or Email Parameter
Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.
CVE-2006-1979 EXPLOITDB text WRITEUP
Manic Web MWGuest 2.1.0 - Cross-Site Scripting via Homepage Parameter
Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.
CVE-2006-0234 EXPLOITDB text WORKING POC
microBlog 2.0 RC-10 - SQL Injection via Month or Year Parameter
SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.
CVE-2006-0417 EXPLOITDB text WORKING POC
miniBloggie < 1.0 - SQL Injection via Login Parameters
SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.
EIP-2026-107668 EXPLOITDB text WRITEUP
HTML::BBCode 1.03/1.04 - HTML Injection
CVE-2006-0074 EXPLOITDB text WORKING POC
PHPenpals < 1.1 - SQL Injection via profile.php personalID Parameter
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.
CVE-2006-0088 EXPLOITDB text WORKING POC
inTouch 0.5.1 Alpha - SQL Injection via User Parameter
SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2006-0249 EXPLOITDB text WORKING POC
BitDamaged geoBlog MOD_1.0 - SQL Injection via viewcat.php cat Parameter
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable).