SHiKaA

41 exploits Active since Apr 2005
CVE-2006-3987 EXPLOITDB text WORKING POC
Knusperleicht FileManager <1.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters.
CVE-2006-4898 EXPLOITDB text WORKING POC
GuanxiCRM <0.9.1 - RCE
PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.
CVE-2006-4488 EXPLOITDB text WORKING POC
ExBB Italia <0.2 - RCE
PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter.
CVE-2006-4285 EXPLOITDB text WORKING POC
Fscripts Fantastic News - Code Injection
PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected.
CVE-2006-5070 EXPLOITDB text WORKING POC
faceStones Personal <2.0.42 - RCE
PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links.php in faceStones Personal 2.0.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fsinit][objpath] parameter.
CVE-2006-5087 EXPLOITDB text WORKING POC
evoBB <0.3 - RCE
Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) track.php or (2) connect.php.
CVE-2006-5383 EXPLOITDB text WORKING POC
Def-blog - SQL Injection
SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter.
CVE-2006-4589 EXPLOITDB text WORKING POC
DynCMS <6 - RCE
PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter.
CVE-2006-5493 EXPLOITDB text WORKING POC
DigitalHive 2.0 RC2 - RCE
PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-3685 EXPLOITDB text WORKING POC
CzarNews <1.14 - RCE
PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859.
CVE-2006-5068 EXPLOITDB text WORKING POC
Brudaswen/BrudaNews <1.1-BrudaGB <1.1 - RCE
PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter.
CVE-2006-4629 EXPLOITDB text WORKING POC
C-News <1.0.1 - Code Injection
PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-4649 EXPLOITDB text WORKING POC
BinGo News <3.01 - RCE
PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
CVE-2006-4441 EXPLOITDB text WORKING POC
Ay System Solutions CMS <2.6 - RCE
Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4638 EXPLOITDB text WORKING POC
ACGV News <0.9.1 - RCE
PHP remote file inclusion vulnerability in article.php in ACGV News 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter.