4 matches found

Exploit DB
added 2013/03/25 12:0 a.m., 17 views

WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection

source: https://www.securityfocus.com/bid/58671/info The Banners Lite plugin for WordPress is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the...

7.4 AI score
Exploits: 0
Packet Storm
added 2010/08/13 12:0 a.m., 157 views

JForum 2.08 Cross Site Scripting

Minded Security Labs: Advisory MSA130510 JForum ?s?i\color='"?.?^'"'"?.?/color\ $2 As it's possible to see from the previous code, "color" attribute expects a parameter between single quotes. Jforum does not encode single quotes, so it's possible to a...

7.4 AI score
Exploits: 0
securityvulns
added 2006/06/03 12:0 a.m., 30 views

PHP ManualMaker v1.0

PHP ManualMaker v1.0 Homepage: http://deltascripts.com/phpmanualmaker/ Affected files: index.php Search boxes Comment boxes XSS proof of concept: Input in search or comment box: """'IMG SRC=javascript:alert&0000039XSS&0000039""'" XSS via URL injection of id:...

1 AI score
Exploits: 0
securityvulns
added 2004/09/28 12:0 a.m., 80 views

[Full-Disclosure] Serendipity 0.7-beta1 SQL Injection PoC

Serendipity 0.7-beta1 SQL Injection Proof of Concept By aCiDBiTS [email protected] 13-September-2004 "Serendipity http://www.s9y.org/ is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source BSD License." There is no user input sanitation for...

0.3 AI score
Exploits: 0