Entries Tagged with ‘exploit’
Please view the original advisory/exploit here. The Porn Tube Search Script from the vendor Mechbunny suffers from Cross-Site Scripting and Redirection vulnerabilities.
(Continue reading…)

Please download the original exploit/advisory here. The image gallery script GaleriaSHQIP suffers from a remote SQL injection vulnerability.
Example URL: index.php?album_id=[SQL Injection]
Affected versions: 1.0 full; the lite version may also contain such vulnerabilities.
(Continue reading…)

Please download/view the original advisory here. The Joomla component com_golfcourseguide fails to sanitize the user input and therefore suffers from a remote SQL injection vulnerability.
Example URL: index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id=[SQL Injection]
Versions affected: v0.9.6.0 beta, v1 beta
(Continue reading…)

Today I am releasing my Specialist Bed and Breakfast Website SQL Injection Exploit (remote). [Download]

Description
The Specialist Bed and Breakfast Website SQL Injection Exploit takes advantage of a SQL injection vulnerability JaMbA discovered on 30th June 2010. The exploit source code also contains the table structure of the vulnerable product.

About the vulnerability
Learn [...]
(Continue reading…)

Please view the original advisory here. The “Membership Site Script” is exposed to SQL injection attacks.
>> #1 SQL Injection
target/view.php?id=[SQL Injection]
(Continue reading…)

Please view the original advisory here. The “Daily Inspirational Quotes Script” fails to properly sanitize the user input and is therefore exposed to SQL injection attacks.
>> #1 SQL Injection
target/tellafriend.php?id=[SQL Injection]
(Continue reading…)

Please view the original advisory here. The “Joke Website Script” is exposed to SQL Injection and Cross-Site Scripting attacks.
>> #1 SQL Injection
target/search.php?submit=Search&keyword=[SQLi]
>> #2 Cross-Site Scripting
target/search.php?submit=Search&keyword=[XSS]
(Continue reading…)

Please download the original advisory here. The “E-Book Store” is exposed to SQL injection attacks.
>> #1 SQL Injection
target/search.php?search=Search&keyword=[SQL Injection]
(Continue reading…)

Please view the original advisory here. The “Lyrics Script” suffers from various SQL Injection and Cross-Site Scripting vulnerabilities.
>> #1 SQL Injection
target/search_results.php?search=Search&k=[SQL Injection]
target/browse_artist.php?letter=[SQL Injection]
target/browse_song.php?letter=[SQL Injection]
>> #2 Cross-Site Scripting
target/search_results.php?search=Search&k=[XSS]
(Continue reading…)

Please view the original advisory here. The Dijitals CMS suffers from several XSS vulnerabilities. Built-in filters try to prevent XSS, SQL injection, and local and remote file inclusion. The XSS filters can be tricked, e.g. by using String.fromCharCode.
(Continue reading…)