Alkomandoz Hacker

9 exploits, active since Apr 2007
CVE-2007-5780 EXPLOITDB text WORKING POC
teatro < 1.6 - Remote Code Execution via basePath Parameter
PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
CVE-2007-2068 EXPLOITDB text WORKING POC
StoreFront mods for Gallery - Remote File Inclusion via GALLERY_BASEDIR Parameter
Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php.
CVE-2007-2340 EXPLOITDB text WORKING POC
phporacleview - Remote Code Execution via page_dir or inc_dir Parameter
Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters.
CVE-2007-2166 EXPLOITDB text WRITEUP
OpenSurveyPilot < 1.2.1 - Remote File Inclusion via cfgPathToProjectAdmin Parameter
PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter.
CVE-2007-2456 EXPLOITDB text WRITEUP
FireFly 1.1.01 - Remote File Inclusion via doc_root Parameter
Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/.
CVE-2007-2285 EXPLOITDB text WORKING POC
Ext JS 1.0 alpha1 - Directory Traversal via Feed Parameter
Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent.
CVE-2007-1839 EXPLOITDB text WORKING POC
CodeBB < 1.1_beta_3 - Remote File Inclusion via phpbb_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) pass_code.php or (2) lang_select.
CVE-2007-2762 EXPLOITDB text WRITEUP
Build it Fast 0.4.1 - Remote File Inclusion via PEAR Directory or System Directory Parameter
Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/.
CVE-2007-2142 EXPLOITDB text WORKING POC
AjPortal2Php - Remote File Inclusion via PagePrefix Parameter
Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/.