Alireza Hasani

4 exploits Active since Nov 2007
CVE-2007-6079 EXPLOITDB text WRITEUP
bcoos 1.0.10 - Path Traversal and Arbitrary File Execution via xoopsOption[pagetype] Parameter
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.
CVE-2007-6078 EXPLOITDB text WORKING POC
SkyPortal RC6 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action.
EIP-2026-111828 EXPLOITDB text WRITEUP
RunCMS 1.6 - Local File Inclusion
CVE-2007-6080 EXPLOITDB text WRITEUP
bcoos 1.0.10 and 1.0.13 - SQL Injection via bid Parameter
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.