alijsb

10 exploits Active since Apr 2007
EIP-2026-111624 EXPLOITDB text WRITEUP
Qto File Manager 1.0 - 'index.php' Cross-Site Scripting
EIP-2026-111173 EXPLOITDB text WORKING POC
PHPMyTGP 1.4 - 'AddVIP.php' Remote File Inclusion
CVE-2007-2327 EXPLOITDB text WRITEUP
HTMLeditbox 2.2 - Remote File Inclusion via settings[app_dir] Parameter
PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter.
CVE-2007-2326 EXPLOITDB text WRITEUP
HYIP Manager Pro - Remote File Inclusion via Plugin File Parameter
Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4) core.load_plugins.php, (5) core.load_resource_plugin.php, (6) core.process_cached_inserts.php, (7) core.process_compiled_include.php, and (8) core.read_cache_file.php in inc/libs/core/; and other unspecified files. NOTE: (1) and (2) might be incorrectly reported vectors in Smarty.
CVE-2007-2330 EXPLOITDB text WORKING POC
DynaTracker 151 - Remote File Inclusion via base_path Parameter
PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
CVE-2007-2330 EXPLOITDB text WORKING POC
DynaTracker 151 - Remote File Inclusion via base_path Parameter
PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
CVE-2007-2287 EXPLOITDB text WORKING POC
comus < 2.0_final - Remote File Inclusion via DOCUMENT_ROOT Parameter
PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
CVE-2007-2290 EXPLOITDB text WORKING POC
B2 Weblog and News Publishing Tool 0.6.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466.
CVE-2007-2290 EXPLOITDB text WORKING POC
B2 Weblog and News Publishing Tool 0.6.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466.
CVE-2007-2290 EXPLOITDB text WORKING POC
B2 Weblog and News Publishing Tool 0.6.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466.