Please download the original advisory here. The “E-Book Store”  is exposed to SQL injection attacks. >> #1 SQL Injection target/search.php?search=Search&keyword=[SQL Injection]

Please view the original advisory here. The “Lyrics Script” suffers from various SQL Injection and Cross-Site Scripting vulnerabilities. >> #1 SQL Injection target/search_results.php?search=Search&k=[SQL Injection] target/browse_artist.php?letter=[SQL Injection] target/browse_song.php?letter=[SQL Injection] >> #2 Cross-Site Scripting target/search_results.php?search=Search&k=[XSS]

Please view the original advisory here. The Dijitals CMS suffers from several XSS vulnerabilities. Built-in filters try to avoid XSS, sql injections and local + remote file inclusions. The XSS filters can be tricked by e.g. using String.fromCharcode.

Please view the original advisory here. The Joomla Component BF Quiz fails to sanitize the input passed trough the parameter “catid”. Therefore the software is exposed to SQL injection attacks. I found this vulnerability while testing my new self-coded SQL injection vulnerability scanner (will be released soon). When I first had a look at this [...]

Please view the full advisory/exploit here. The Joomla Component Reservations is exposed to XSS attacks.

Please view the document here. The Joomla Component My Car (V. 1.0) is exposed to XSS attacks. Due to SQL errors it is furthermore possible to reveal sensitive information (e.g. the absolute path of the website and queries).

Please view the original advisory here. # Exploit Title: Joomla Component ActiveHelper LiveHelp XSS Vulnerabilities # Date: 18.05.2010 # Author: Valentin # Category: webapps/0day # Version: 2.0.3 # Tested on: # CVE : # Code : [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::] >> General Information Advisory/Exploit Title = Joomla Component ActiveHelper LiveHelp XSS Vulnerabilities Author = Valentin Hoebel [...]

Please view the original advisory here. The Joomla component JE Job suffers from a Local File Inclusion vulnerability. Furthermore XSS attacks may be possible. Example URI = index.php?option=com_jejob&view=../../../../../../etc/passwd%00 It is highly recommended to activate the PHP var OpenBaseDir and configure it correctly.

Please view the original advisory here. The Joomla component JE Ajax Event Calendar suffers from a Local File Inclusion vulnerability. Example URI = index.php?option=com_jeajaxeventcalendar&view=../../../../../../etc/passwd%00 Affected version(s): 1.0.3

Please view the original advisory here. The free shoutbox script from damianov.net suffers from a XSS vulnerability. Injecting arbitrary HTML and Java Script code is possible while adding a new shout, no matter if HTML is allowed in the shoutsettings.php or not. #1 Example: <SCRIPT src=some-script.js></SCRIPT> #2 Example: <SCRIPT>alert(“XSS”)</SCRIPT> #3 Example: <SCRIPT>alert(document.cookie)</SCRIPT> #4 Example: <script>document.location.href=”http://www.google.de”</script> [...]