Alexander Concha

4 exploits Active since Mar 2007
EIP-2026-113498 EXPLOITDB perl WORKING POC
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload
CVE-2007-1622 EXPLOITDB html WORKING POC
WordPress < 2.0.10 RC2 and < 2.1.3 RC2 - Authenticated Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
CVE-2008-5695 EXPLOITDB php WORKING POC
WordPress <2.3.2 - Authenticated RCE
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
EIP-2026-107473 EXPLOITDB text WORKING POC
Graffiti CMS 1.x - Arbitrary File Upload