Aliaksandr Hartsuyeu

83 exploits, active since Jan 2006
CVE-2006-0110 EXPLOITDB text WRITEUP
Javier Suarez Sanz Foro Domus - XSS
Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter.
CVE-2006-1238 EXPLOITDB text WORKING POC
DSLogin 1.0 - SQL Injection
SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php.
CVE-2006-1232 EXPLOITDB text WORKING POC
DSDownload 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php.
CVE-2006-1234 EXPLOITDB text WORKING POC
DSCounter 1.2 - SQL Injection
SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
EIP-2026-106322 EXPLOITDB text WORKING POC
CyBoards PHP Lite 1.21/1.25 - 'post.php' SQL Injection
CVE-2006-0877 EXPLOITDB text WRITEUP
Easy Forum - XSS
Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable.
CVE-2010-4783 EXPLOITDB text WORKING POC
PHP Web Scripts Easy Banner Free 2009.05.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
CVE-2010-4784 EXPLOITDB text WRITEUP
PHP Web Scripts Easy Banner Free <2009.05.18 - SQL Injection
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
EIP-2026-106631 EXPLOITDB text WORKING POC
e-moBLOG 1.3 - Multiple SQL Injections
EIP-2026-105902 EXPLOITDB text WRITEUP
Clever Copy 2.0/3.0 - Multiple HTML Injection Vulnerabilities
CVE-2006-0361 EXPLOITDB text WORKING POC
Bit 5 Blog - XSS
Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>.
EIP-2026-105839 EXPLOITDB text WRITEUP
Chucky A. Ivey N.T. 1.1 - 'index.php' Multiple HTML Injection Vulnerabilities
EIP-2026-105834 EXPLOITDB text WORKING POC
Chipmunk Guestbook 1.4 - Homepage HTML Injection
CVE-2006-0136 EXPLOITDB text WRITEUP
Phanatic Softwares Chimera Web Portal - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters.
CVE-2006-0137 EXPLOITDB text WORKING POC
Phanatic Softwares Chimera Web Portal - SQL Injection
SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-0443 EXPLOITDB text WORKING POC
Cheesyblog - XSS
Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a javascript URI in the url parameter, when adding a comment.
CVE-2006-0318 EXPLOITDB text WORKING POC
Insane Visions Blogphp - SQL Injection
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
CVE-2006-0320 EXPLOITDB text WORKING POC
Bit 5 Blog < 8.01 - SQL Injection
SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.
CVE-2006-0775 EXPLOITDB text WORKING POC
Ridder Roeland Birthsys - SQL Injection
Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error.
EIP-2026-105079 EXPLOITDB text WORKING POC
Alguest 1.1 - Multiple Cookie Authentication Bypass Vulnerabilities
CVE-2006-1613 EXPLOITDB text WORKING POC
aWebNews 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php.
CVE-2006-0310 EXPLOITDB text WRITEUP
Mike Helton Aoblogger - XSS
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary JavaScript via a javascript URI in the BBcode url tag.
CVE-2006-0311 EXPLOITDB text WRITEUP
Mike Helton Aoblogger - SQL Injection
SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-0312 EXPLOITDB text WRITEUP
aoblogger <2.3 - Auth Bypass
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
CVE-2006-0462 EXPLOITDB text WORKING POC
Andonet Blog - SQL Injection
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter.