Secunia Security Advisory - Some vulnerabilities have been reported in cpCommerce, which can be exploited by malicious people to conduct cross-site scripting attacks.
2e01dab4166ddd6f8427c93cca968e7025cff77bef5a6824a6f393b72250802b
sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges, and databases, dump entire DBMS tables/columns or only user-specified ones, run their own SQL SELECT statement, read specific files on the file system, and much more.
d6b7e45015e2226774d298a56d321bed91d79bc32fb419ae257be2f1063f03eb
rGallery version 1.09 remote blind SQL injection exploit.
87dbbe0f935c4ace1a011a85735384150ce3e0952de48f41bbdaa86b49f11927
Wysi Wiki Wyg version 1.0 suffers from local file inclusion, cross-site scripting, and phpinfo disclosure vulnerabilities.
013c42d3ee825198749b805710b7e8c0d7083031f736ae79f699b1ee969d1f08
PassWiki versions 0.9.17 and below suffer from a local file inclusion vulnerability. This is a five-month-old vulnerability that remains unpatched as new versions come out. Consumer beware!
8c02bbaa5018efa02295c143cae09f3f5d92e2b4db38cc33d72126868b1316d4