Update plugin_vulns.xml
This commit is contained in:
Peter van der Laan
@@ -123,8 +123,7 @@
|
||||
<title>Crayon Syntax Highlighter - Remote File Inclusion Vulnerability</title>
|
||||
<references>
|
||||
<secunia>50804</secunia>
|
||||
<url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
|
||||
</url>
|
||||
<url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/</url>
|
||||
</references>
|
||||
<type>RFI</type>
|
||||
<fixed_in>1.13</fixed_in>
|
||||
@@ -197,9 +196,7 @@
|
||||
<title>FireStorm Professional Real Estate - Multiple SQL Injection</title>
|
||||
<references>
|
||||
<secunia>50873</secunia>
|
||||
<url>
|
||||
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
|
||||
</url>
|
||||
<url>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</url>
|
||||
</references>
|
||||
<type>SQLI</type>
|
||||
<fixed_in>2.06.03</fixed_in>
|
||||
@@ -290,8 +287,7 @@
|
||||
<secunia>50832</secunia>
|
||||
<url>http://www.securityfocus.com/bid/57133</url>
|
||||
<url>http://packetstormsecurity.com/files/119329/</url>
|
||||
<url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
|
||||
</url>
|
||||
<url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</url>
|
||||
<metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
|
||||
</references>
|
||||
<type>UNKNOWN</type>
|
||||
@@ -551,9 +547,7 @@
|
||||
<title>Asset Manager - upload.php Arbitrary Code Execution</title>
|
||||
<references>
|
||||
<osvdb>82653</osvdb>
|
||||
<url>
|
||||
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
|
||||
</url>
|
||||
<url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</url>
|
||||
<url>http://packetstormsecurity.com/files/113285/</url>
|
||||
<url>http://xforce.iss.net/xforce/xfdb/80823</url>
|
||||
</references>
|
||||
@@ -676,7 +670,7 @@
|
||||
<vulnerability>
|
||||
<title>powerzoomer - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20253</url>
|
||||
<url>http://1337day.com/exploit/20253</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
@@ -754,7 +748,7 @@
|
||||
<vulnerability>
|
||||
<title>wp-3dflick-slideshow - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20255</url>
|
||||
<url>http://1337day.com/exploit/20255</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
@@ -840,7 +834,7 @@
|
||||
<vulnerability>
|
||||
<title>wp-homepage-slideshow - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20260</url>
|
||||
<url>http://1337day.com/exploit/20260</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
@@ -857,7 +851,7 @@
|
||||
<vulnerability>
|
||||
<title>wp-image-news-slider - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20259</url>
|
||||
<url>http://1337day.com/exploit/20259</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
@@ -892,7 +886,7 @@
|
||||
<vulnerability>
|
||||
<title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20250</url>
|
||||
<url>http://1337day.com/exploit/20250</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
@@ -919,7 +913,7 @@
|
||||
<vulnerability>
|
||||
<title>wp-powerplaygallery - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20252</url>
|
||||
<url>http://1337day.com/exploit/20252</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
@@ -936,7 +930,7 @@
|
||||
<vulnerability>
|
||||
<title>wp-royal-gallery - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20261</url>
|
||||
<url>http://1337day.com/exploit/20261</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
@@ -1022,7 +1016,7 @@
|
||||
<vulnerability>
|
||||
<title>Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities</title>
|
||||
<references>
|
||||
<url>http://www.securityfocus.com/bid/60079/info</url>
|
||||
<url>http://www.securityfocus.com/bid/60079</url>
|
||||
</references>
|
||||
<type>MULTI</type>
|
||||
</vulnerability>
|
||||
@@ -1088,9 +1082,7 @@
|
||||
<vulnerability>
|
||||
<title>ABtest - Directory Traversal</title>
|
||||
<references>
|
||||
<url>
|
||||
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
|
||||
</url>
|
||||
<url>http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110</url>
|
||||
</references>
|
||||
<type>UNKNOWN</type>
|
||||
</vulnerability>
|
||||
@@ -2387,7 +2379,7 @@
|
||||
<vulnerability>
|
||||
<title>WP Cycle Playlist - Multiple Vulnerabilities</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploits/17396</url>
|
||||
<url>http://1337day.com/exploit/17396</url>
|
||||
</references>
|
||||
<type>MULTI</type>
|
||||
</vulnerability>
|
||||
@@ -2456,7 +2448,7 @@
|
||||
<vulnerability>
|
||||
<title>WP-AutoYoutube <= 0.1 - Blind SQL Injection Vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploits/17368</url>
|
||||
<url>http://1337day.com/exploit/17368</url>
|
||||
</references>
|
||||
<type>SQLI</type>
|
||||
</vulnerability>
|
||||
@@ -4591,9 +4583,7 @@
|
||||
<references>
|
||||
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
|
||||
<url>http://wordpress.org/support/topic/pwn3d</url>
|
||||
<url>
|
||||
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
|
||||
</url>
|
||||
<url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
|
||||
<metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
|
||||
</references>
|
||||
<type>RCE</type>
|
||||
@@ -4664,7 +4654,7 @@
|
||||
<title>ipfeuilledechou - SQL Injection Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.exploit4arab.com/exploits/377</url>
|
||||
<url>http://1337day.com/exploits/20206</url>
|
||||
<url>http://1337day.com/exploit/20206</url>
|
||||
</references>
|
||||
<type>SQLI</type>
|
||||
</vulnerability>
|
||||
@@ -4771,7 +4761,7 @@
|
||||
<title>Developer Formatter - CSRF and XSS Vulnerability</title>
|
||||
<references>
|
||||
<url>http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt</url>
|
||||
<url>http://1337day.com/exploits/20210</url>
|
||||
<url>http://1337day.com/exploit/20210</url>
|
||||
<secunia>51912</secunia>
|
||||
</references>
|
||||
<type>MULTI</type>
|
||||
@@ -5299,7 +5289,7 @@
|
||||
<vulnerability>
|
||||
<title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20251</url>
|
||||
<url>http://1337day.com/exploit/20251</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
@@ -5309,7 +5299,7 @@
|
||||
<vulnerability>
|
||||
<title>accordion - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20254</url>
|
||||
<url>http://1337day.com/exploit/20254</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
@@ -5319,7 +5309,7 @@
|
||||
<vulnerability>
|
||||
<title>wp-catpro - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20256</url>
|
||||
<url>http://1337day.com/exploit/20256</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
@@ -5372,7 +5362,7 @@
|
||||
<vulnerability>
|
||||
<title>p1m media manager - SQL Injection Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20270</url>
|
||||
<url>http://1337day.com/exploit/20270</url>
|
||||
</references>
|
||||
<type>SQLI</type>
|
||||
</vulnerability>
|
||||
@@ -5412,7 +5402,7 @@
|
||||
<vulnerability>
|
||||
<title>ForumConverter - SQL Injection Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20275</url>
|
||||
<url>http://1337day.com/exploit/20275</url>
|
||||
</references>
|
||||
<type>SQLI</type>
|
||||
</vulnerability>
|
||||
@@ -5422,7 +5412,7 @@
|
||||
<vulnerability>
|
||||
<title>Newsletter - SQL Injection Vulnerability</title>
|
||||
<references>
|
||||
<url>http://www.1337day.com/exploit/20287</url>
|
||||
<url>http://1337day.com/exploit/20287</url>
|
||||
</references>
|
||||
<type>SQLI</type>
|
||||
</vulnerability>
|
||||
@@ -5542,7 +5532,7 @@
|
||||
<vulnerability>
|
||||
<title>Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploits/20433</url>
|
||||
<url>http://1337day.com/exploit/20433</url>
|
||||
</references>
|
||||
<type>MULTI</type>
|
||||
</vulnerability>
|
||||
@@ -5962,8 +5952,7 @@
|
||||
<title>WP-Banners-Lite - XSS vulnerability</title>
|
||||
<references>
|
||||
<url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
|
||||
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
|
||||
</url>
|
||||
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
</vulnerability>
|
||||
|
||||
Reference in New Issue
Block a user