Alkomandoz Hacker

9 exploits Active since Apr 2007
CVE-2007-5780 EXPLOITDB text WORKING POC
Telematic LAB Teatro < 1.6 - Code Injection
PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
CVE-2007-2068 EXPLOITDB text WORKING POC
StoreFront mods - RCE
Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php.
CVE-2007-2340 EXPLOITDB text WORKING POC
PHP OracleView - RCE
Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters.
CVE-2007-2166 EXPLOITDB text WRITEUP
OpenSurveyPilot <1.2.1 - RCE
PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter.
CVE-2007-2456 EXPLOITDB text WRITEUP
FireFly 1.1.01 - RCE
Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/.
CVE-2007-2285 EXPLOITDB text WORKING POC
Jack Slocum Ext JS - Path Traversal
Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent.
CVE-2007-1839 EXPLOITDB text WORKING POC
CodeBB <1.1b3 - RCE
Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) pass_code.php or (2) lang_select.
CVE-2007-2762 EXPLOITDB text WRITEUP
Build it Fast 0.4.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/.
CVE-2007-2142 EXPLOITDB text WORKING POC
AjPortal2Php - RCE
Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/.