Sintsov Alexey

6 exploits Active since Sep 2009
CVE-2009-3439 EXPLOITDB WRITEUP
OSSIM < 2.1.2 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu.
CVE-2010-2655 EXPLOITDB text WRITEUP
IBM Advanced Management Module < 2.48 - Authenticated Path Traversal via DIR Parameter
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
CVE-2010-2654 EXPLOITDB text WRITEUP
IBM BladeCenter AMM <4.7 and 5.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
CVE-2009-3440 EXPLOITDB text WRITEUP
OSSIM < 2.1.2 - Cross-Site Scripting via Option Parameter
Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).
CVE-2010-2656 EXPLOITDB text WRITEUP
IBM Advanced Management Module < 2.48 - Unauthenticated Sensitive Information Exposure via Direct Request
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
EIP-2026-101521 EXPLOITDB text WORKING POC
Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery