DeltahackingTEAM

36 exploits Active since Aug 2006
CVE-2006-6281 EXPLOITDB text WORKING POC
dicshunary 0.1 alpha - Remote File Inclusion via dicshunary_root_path Parameter
PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter.
CVE-2006-7185 EXPLOITDB perl WORKING POC
CMSmelborp Beta - Remote File Inclusion via relative_root Parameter
PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.
CVE-2006-6546 EXPLOITDB text WORKING POC
cutenews_aj-fork 167f - Remote File Inclusion via cutepath Parameter
PHP remote file inclusion vulnerability in inc/shows.inc.php in cutenews aj-fork (CN:AJ) 167f and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter.
EIP-2026-106310 EXPLOITDB text WORKING POC
CuteNews aj-fork - 'path' Remote File Inclusion
CVE-2006-6774 EXPLOITDB perl WORKING POC
Ciberia Content Federator 1.0 - RCE
PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-6867 EXPLOITDB text WORKING POC
Vladimir Menshakov buratinable templator 0.9.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809.
CVE-2006-6809 EXPLOITDB text WORKING POC
Vladimir Menshakov Bubla <1.0.0rc2 - RCE
Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter.
CVE-2007-6080 EXPLOITDB text WORKING POC
bcoos 1.0.10 and 1.0.13 - SQL Injection via bid Parameter
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.
CVE-2007-0200 EXPLOITDB perl WORKING POC
Geoffrey Golliher Axiom Photo/News Gallery 0.8.6 - RCE
PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.
CVE-2006-6611 EXPLOITDB text WORKING POC
Barman 0.0.1r3 - Remote File Inclusion via basepath Parameter
PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.
CVE-2006-6368 EXPLOITDB python WORKING POC
awrate 1.0 - Remote File Inclusion via toroot Parameter
PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php.