Added wp-useronline Persistent XSS & FPD
This commit is contained in:
erwanlr
@@ -30,54 +30,66 @@ ryandewhurst at gmail
|
|||||||
|
|
||||||
-->
|
-->
|
||||||
<vulnerabilities>
|
<vulnerabilities>
|
||||||
|
<plugin name="wp-useronline">
|
||||||
|
<vulnerability>
|
||||||
|
<title>WP-UserOnline Full Path Disclosure</title>
|
||||||
|
<reference>http://seclists.org/fulldisclosure/2010/Jul/8</reference>
|
||||||
|
<type>FPD</type>
|
||||||
|
</vulnerability>
|
||||||
|
<vulnerability>
|
||||||
|
<title>Wp-UserOnline <= 0.62 Persistent XSS</title>
|
||||||
|
<reference>http://seclists.org/fulldisclosure/2010/Jul/8</reference>
|
||||||
|
<type>XSS</type>
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
<plugin name="levelfourstorefront">
|
<plugin name="levelfourstorefront">
|
||||||
<vulnerability>
|
<vulnerability>
|
||||||
<title>Shopping Cart 8.1.14 Shell Upload / SQL Injection</title>
|
<title>Shopping Cart 8.1.14 Shell Upload / SQL Injection</title>
|
||||||
<reference>http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt</reference>
|
<reference>http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt</reference>
|
||||||
<type>MULTI</type>
|
<type>MULTI</type>
|
||||||
<vulnerability>
|
</vulnerability>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin name="reflex-gallery">
|
<plugin name="reflex-gallery">
|
||||||
<vulnerability>
|
<vulnerability>
|
||||||
<title>ReFlex Gallery <= 1.4 Shell Upload</title>
|
<title>ReFlex Gallery <= 1.4 Shell Upload</title>
|
||||||
<reference>http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt</reference>
|
<reference>http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt</reference>
|
||||||
<type>UPLOAD</type>
|
<type>UPLOAD</type>
|
||||||
<vulnerability>
|
</vulnerability>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin name="uploader">
|
<plugin name="uploader">
|
||||||
<vulnerability>
|
<vulnerability>
|
||||||
<title>Uploader 1.0.4 Shell Upload</title>
|
<title>Uploader 1.0.4 Shell Upload</title>
|
||||||
<reference>http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt</reference>
|
<reference>http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt</reference>
|
||||||
<type>UPLOAD</type>
|
<type>UPLOAD</type>
|
||||||
<vulnerability>
|
</vulnerability>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin name="xerte-online">
|
<plugin name="xerte-online">
|
||||||
<vulnerability>
|
<vulnerability>
|
||||||
<title>Xerte Online 0.32 Shell Upload</title>
|
<title>Xerte Online 0.32 Shell Upload</title>
|
||||||
<reference>http://packetstormsecurity.com/files/119220/wpxerteonline-shell.txt</reference>
|
<reference>http://packetstormsecurity.com/files/119220/wpxerteonline-shell.txt</reference>
|
||||||
<type>UPLOAD</type>
|
<type>UPLOAD</type>
|
||||||
<vulnerability>
|
</vulnerability>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin name="advanced-custom-fields">
|
<plugin name="advanced-custom-fields">
|
||||||
<vulnerability>
|
<vulnerability>
|
||||||
<title>Advanced Custom Fields <= 3.5.1 Remote File Inclusion</title>
|
<title>Advanced Custom Fields <= 3.5.1 Remote File Inclusion</title>
|
||||||
<reference>http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt</reference>
|
<reference>http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt</reference>
|
||||||
<type>RFI</type>
|
<type>RFI</type>
|
||||||
<vulnerability>
|
</vulnerability>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin name="sitepress-multilingual-cms">
|
<plugin name="sitepress-multilingual-cms">
|
||||||
<vulnerability>
|
<vulnerability>
|
||||||
<title>Wordpress sitepress-multilingual-cms Full Path Disclosure</title>
|
<title>Wordpress sitepress-multilingual-cms Full Path Disclosure</title>
|
||||||
<reference>http://1337day.com/exploit/20067</reference>
|
<reference>http://1337day.com/exploit/20067</reference>
|
||||||
<type>FPD</type>
|
<type>FPD</type>
|
||||||
<vulnerability>
|
</vulnerability>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin name="asset-manager">
|
<plugin name="asset-manager">
|
||||||
<vulnerability>
|
<vulnerability>
|
||||||
<title>WordPress plugin Asset manager upload.php Arbitrary Code Execution</title>
|
<title>WordPress plugin Asset manager upload.php Arbitrary Code Execution</title>
|
||||||
<reference>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</reference>
|
<reference>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</reference>
|
||||||
<type>UPLOAD</type>
|
<type>UPLOAD</type>
|
||||||
<vulnerability>
|
</vulnerability>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin name="apptha-banner">
|
<plugin name="apptha-banner">
|
||||||
<vulnerability>
|
<vulnerability>
|
||||||
|
|||||||
Reference in New Issue
Block a user