From 6ffc66362e642d7b9a32c67927b5564625fea949 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 11 Oct 2013 10:00:55 +0200 Subject: [PATCH] Make a seperator between plugin name and vulnerability name Can be useful for 'grep'ing. plugin name [version[-range]] - vulnerability name --- data/plugin_vulns.xml | 574 +++++++++++++++++++++--------------------- 1 file changed, 289 insertions(+), 285 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index c2c9d91c..2a97bef3 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -487,7 +487,7 @@ - Advanced Custom Fields <= 3.5.1 Remote File Inclusion + Advanced Custom Fields <= 3.5.1 - Remote File Inclusion http://packetstormsecurity.com/files/119221/ 51037 @@ -1103,7 +1103,7 @@ - Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities + Quick Post Widget 1.9.1 - Multiple Cross-site scripting vulnerabilities http://seclists.org/bugtraq/2012/Aug/66 @@ -1134,7 +1134,7 @@ - Postie 1.4.3 Stored XSS + Postie 1.4.3 - Stored XSS 20360 50207 @@ -1145,7 +1145,7 @@ - RSVPMaker v2.5.4 Persistent XSS + RSVPMaker v2.5.4 - Persistent XSS 20474 50289 @@ -1156,7 +1156,7 @@ - Mz-jajak <= 2.1 SQL Injection Vulnerability + Mz-jajak <= 2.1 - SQL Injection Vulnerability 20416 50217 @@ -1167,7 +1167,7 @@ - Resume Submissions Job Posting v2.5.1 Unrestricted File Upload + Resume Submissions Job Posting v2.5.1 - Unrestricted File Upload http://packetstormsecurity.com/files/114716/ @@ -1177,7 +1177,7 @@ - WP-Predict v1.0 Blind SQL Injection + WP-Predict v1.0 - Blind SQL Injection 19715 @@ -1200,7 +1200,7 @@ - MoodThingy Widget v0.8.7 Blind SQL Injection + MoodThingy Widget v0.8.7 - Blind SQL Injection 19572 @@ -1210,7 +1210,7 @@ - Paid Business Listings v1.0.2 Blind SQL Injection + Paid Business Listings v1.0.2 - Blind SQL Injection 19481 @@ -1230,7 +1230,7 @@ - Fancy Gallery 1.2.4 Shell Upload + Fancy Gallery 1.2.4 - Shell Upload http://packetstormsecurity.com/files/114114/ 
@@ -1240,7 +1240,7 @@ - Flip Book 1.0 Shell Upload + Flip Book 1.0 - Shell Upload http://packetstormsecurity.com/files/114112/ @@ -1250,7 +1250,7 @@ - Ajax Multi Upload 1.1 Shell Upload + Ajax Multi Upload 1.1 - Shell Upload http://packetstormsecurity.com/files/114109/ @@ -1260,7 +1260,7 @@ - Schreikasten 0.14.13 XSS + Schreikasten 0.14.13 - XSS 19294 @@ -1270,7 +1270,7 @@ - Automatic 2.0.3 CSRF + Automatic 2.0.3 - CSRF http://packetstormsecurity.com/files/113763/ @@ -1297,7 +1297,7 @@ - Auctions - 2.0.1.3 Arbitrary + <title>Auctions - 2.0.1.3 - Arbitrary File Upload Vulnerability @@ -1309,7 +1309,7 @@ - LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability + LB Mixed Slideshow 1.0 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113844/ @@ -1319,7 +1319,7 @@ - Lim4wp 1.1.1 Arbitrary File Upload Vulnerability + Lim4wp 1.1.1 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113846/ @@ -1329,7 +1329,7 @@ - Wp-ImageZoom 1.0.3 Remote File Disclosure + Wp-ImageZoom 1.0.3 - Remote File Disclosure http://packetstormsecurity.com/files/113845/ @@ -1339,7 +1339,7 @@ - Invit0r 0.22 Shell Upload + Invit0r 0.22 - Shell Upload http://packetstormsecurity.com/files/113639/ @@ -1349,7 +1349,7 @@ - Annonces 1.2.0.1 Shell Upload + Annonces 1.2.0.1 - Shell Upload http://packetstormsecurity.com/files/113637/ @@ -1359,7 +1359,7 @@ - Contus Video Gallery 1.3 Arbitrary + <title>Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability @@ -1378,9 +1378,7 @@ SQLI - Contus HD FLV Player 1.7 Arbitrary - File Upload Vulnerability - + Contus HD FLV Player 1.7 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113570/ @@ -1391,7 +1389,7 @@ - User Meta Version 1.1.1 Arbitrary File Upload Vulnerability + User Meta Version 1.1.1 - Arbitrary File Upload Vulnerability 19052 
@@ -1401,7 +1399,7 @@ - Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability + Top Quark Architecture Version 2.10 - Arbitrary File Upload Vulnerability 19053 @@ -1411,7 +1409,7 @@ - SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability + SfBrowser Version 1.4.5 - Arbitrary File Upload Vulnerability 19054 @@ -1428,14 +1426,14 @@ XSS - Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability + Pica Photo Gallery 1.0 - Arbitrary File Upload Vulnerability 19055 UPLOAD - PICA Photo Gallery 1.0 Remote File Disclosure + PICA Photo Gallery 1.0 - Remote File Disclosure 19016 @@ -1467,7 +1465,7 @@ 3.0 - Mac Photo Gallery 2.7 Arbitrary File Upload + Mac Photo Gallery 2.7 - Arbitrary File Upload 19056 @@ -1477,7 +1475,7 @@ - drag and drop file upload 0.1 Arbitrary File Upload Vulnerability + drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability 19057 @@ -1497,7 +1495,7 @@ - wp-gpx-max version 1.1.21 Arbitrary File Upload + wp-gpx-max version 1.1.21 - Arbitrary File Upload 19050 @@ -1517,14 +1515,14 @@ - Front End Upload 0.5.3 Arbitrary File Upload + Front End Upload 0.5.3 - Arbitrary File Upload 19008 UPLOAD - Front End Upload v0.5.4 Arbitrary PHP File Upload + Front End Upload v0.5.4 - Arbitrary PHP File Upload 20083 @@ -1534,7 +1532,7 @@ - Omni Secure Files 0.1.13 Arbitrary File Upload + Omni Secure Files 0.1.13 - Arbitrary File Upload 19009 @@ -1544,7 +1542,7 @@ - Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability + Easy Contact Forms Export 1.1.0 - Information Disclosure Vulnerability 19013 @@ -1554,7 +1552,7 @@ - Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability + Plugin: Newsletter 1.5 - Remote File Disclosure Vulnerability 19018 @@ -1564,7 +1562,7 @@ - RBX Gallery 2.1 Arbitrary File Upload + RBX Gallery 2.1 - Arbitrary File Upload 19019 @@ -1574,7 +1572,7 @@ - Simple Download Button Shortcode 1.0 Remote File Disclosure + Simple Download Button Shortcode 1.0 - Remote File Disclosure 19020 
@@ -1584,7 +1582,7 @@ - Thinkun Remind 1.1.3 Remote File Disclosure + Thinkun Remind 1.1.3 - Remote File Disclosure 19021 @@ -1594,7 +1592,7 @@ - Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure + Tinymce Thumbnail Gallery 1.0.7 - Remote File Disclosure 19022 @@ -1624,7 +1622,7 @@ - Font Uploader 1.2.4 Arbitrary File Upload + Font Uploader 1.2.4 - Arbitrary File Upload 18994 82657 @@ -1651,7 +1649,7 @@ - WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload + WP Marketplace 1.5.0-1.6.1 - Arbitrary File Upload 18988 @@ -1722,7 +1720,7 @@ - WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting + WP-Facethumb Gallery <= 0.1 - Reflected Cross Site Scripting http://packetstormsecurity.com/files/112658/ @@ -1732,7 +1730,7 @@ - Survey And Quiz Tool <= 2.9.2 Cross Site Scripting + Survey And Quiz Tool <= 2.9.2 - Cross Site Scripting http://packetstormsecurity.com/files/112685/ @@ -1742,7 +1740,7 @@ - WP Statistics <= 2.2.4 Cross Site Scripting + WP Statistics <= 2.2.4 - Cross Site Scripting http://packetstormsecurity.com/files/112686/ @@ -1752,14 +1750,14 @@ - WP Easy Gallery <= 1.7 Cross Site Scripting + WP Easy Gallery <= 1.7 - Cross Site Scripting http://packetstormsecurity.com/files/112687/ XSS - WP Easy Gallery <= 2.7 CSRF + WP Easy Gallery <= 2.7 - CSRF http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery @@ -1769,7 +1767,7 @@ - Subscribe2 <= 8.0 Cross Site Scripting + Subscribe2 <= 8.0 - Cross Site Scripting http://packetstormsecurity.com/files/112688/ @@ -1779,7 +1777,7 @@ - Soundcloud Is Gold <= 2.1 Cross Site Scripting + Soundcloud Is Gold <= 2.1 - Cross Site Scripting http://packetstormsecurity.com/files/112689/ @@ -1815,7 +1813,7 @@ - Share And Follow <= 1.80.3 Cross Site Scripting + Share And Follow <= 1.80.3 - Cross Site Scripting http://packetstormsecurity.com/files/112691/ 
@@ -1825,7 +1823,7 @@ - SABRE <= 1.2.0 Cross Site Scripting + SABRE <= 1.2.0 - Cross Site Scripting http://packetstormsecurity.com/files/112692/ @@ -1835,14 +1833,14 @@ - Pretty Link Lite <= 1.5.2 Cross Site Scripting + Pretty Link Lite <= 1.5.2 - Cross Site Scripting http://packetstormsecurity.com/files/112693/ XSS - Pretty Link Lite <= 1.6.1 Cross Site Scripting + Pretty Link Lite <= 1.6.1 - Cross Site Scripting 50980 @@ -1861,7 +1859,7 @@ - Newsletter Manager <= 1.0 Cross Site Scripting + Newsletter Manager <= 1.0 - Cross Site Scripting http://packetstormsecurity.com/files/112694/ @@ -1871,7 +1869,7 @@ - Network Publisher <= 5.0.1 Cross Site Scripting + Network Publisher <= 5.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112695/ @@ -1881,7 +1879,7 @@ - LeagueManager <= 3.7 Cross Site Scripting + LeagueManager <= 3.7 - Cross Site Scripting http://packetstormsecurity.com/files/112698/ 49949 @@ -1889,7 +1887,7 @@ XSS - LeagueManager v3.8 SQL Injection + LeagueManager v3.8 - SQL Injection 24789 2013-1852 @@ -1901,7 +1899,7 @@ - Leaflet <= 0.0.1 Cross Site Scripting + Leaflet <= 0.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112699/ @@ -1911,7 +1909,7 @@ - PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting + PDF And Print Button Joliprint <= 1.3.0 - Cross Site Scripting http://packetstormsecurity.com/files/112700/ @@ -1921,7 +1919,7 @@ - IFrame Admin Pages <= 0.1 Cross Site Scripting + IFrame Admin Pages <= 0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112701/ @@ -1931,7 +1929,7 @@ - EZPZ One Click Backup <= 12.03.10 Cross Site Scripting + EZPZ One Click Backup <= 12.03.10 - Cross Site Scripting http://packetstormsecurity.com/files/112705/ @@ -1941,7 +1939,7 @@ - Dynamic Widgets <= 1.5.1 Cross Site Scripting + Dynamic Widgets <= 1.5.1 - Cross Site Scripting http://packetstormsecurity.com/files/112706/ 
@@ -1951,7 +1949,7 @@ - Download Monitor < 3.3.6.2 Cross Site Scripting + Download Monitor < 3.3.6.2 - Cross Site Scripting http://www.securityfocus.com/bid/61407 53116 @@ -1962,7 +1960,7 @@ 3.3.6.2 - Download Monitor <= 3.3.5.7 Cross Site Scripting + Download Monitor <= 3.3.5.7 - Cross Site Scripting http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html 50511 @@ -1970,7 +1968,7 @@ XSS - Download Monitor <= 3.3.5.4 Cross Site Scripting + Download Monitor <= 3.3.5.4 - Cross Site Scripting http://packetstormsecurity.com/files/112707/ @@ -1980,7 +1978,7 @@ - Download Manager <= 2.2 Cross Site Scripting + Download Manager <= 2.2 - Cross Site Scripting http://packetstormsecurity.com/files/112708/ @@ -1990,7 +1988,7 @@ - Code Styling Localization <= 1.99.16 Cross Site Scripting + Code Styling Localization <= 1.99.16 - Cross Site Scripting http://packetstormsecurity.com/files/112709/ @@ -2000,7 +1998,7 @@ - Catablog <= 1.6 Cross Site Scripting + Catablog <= 1.6 - Cross Site Scripting http://packetstormsecurity.com/files/112619/ @@ -2010,7 +2008,7 @@ - Bad Behavior <= 2.24 Cross Site Scripting + Bad Behavior <= 2.24 - Cross Site Scripting http://packetstormsecurity.com/files/112619/ @@ -2041,7 +2039,7 @@ - Better WP Security <= 3.5.3 Stored XSS + Better WP Security <= 3.5.3 - Stored XSS https://github.com/wpscanteam/wpscan/issues/251 http://www.securityfocus.com/archive/1/527634/30/0/threaded @@ -2053,7 +2051,7 @@ 3.5.4 - Better WP Security v3.4.3 Multiple XSS + Better WP Security v3.4.3 - Multiple XSS http://seclists.org/bugtraq/2012/Oct/9 @@ -2061,7 +2059,7 @@ 3.4.4 - Better WP Security <= 3.2.4 Cross Site Scripting + Better WP Security <= 3.2.4 - Cross Site Scripting http://packetstormsecurity.com/files/112617/ @@ -2072,7 +2070,7 @@ - Custom Contact Forms <= 5.0.0.1 Cross Site Scripting + Custom Contact Forms <= 5.0.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112616/ 
@@ -2082,14 +2080,14 @@ - 2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting + 2-Click-Socialmedia-Buttons <= 0.34 - Cross Site Scripting http://packetstormsecurity.com/files/112615/ XSS - 2-Click-Socialmedia-Buttons <= 0.32.2 Cross Site Scripting + 2-Click-Socialmedia-Buttons <= 0.32.2 - Cross Site Scripting http://packetstormsecurity.com/files/112711/ @@ -2135,7 +2133,7 @@ - FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload + FCKeditor Deans With Pwwangs Code <= 1.0.0 - Remote Shell Upload http://packetstormsecurity.com/files/111319/ @@ -2153,7 +2151,7 @@ 2.4.8 - Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities + Zingiri Web Shop <= 2.4.0 - Multiple XSS Vulnerabilities 18787 48991 @@ -2161,14 +2159,14 @@ XSS - Zingiri Web Shop <= 2.3.5 Cross Site Scripting + Zingiri Web Shop <= 2.3.5 - Cross Site Scripting http://packetstormsecurity.com/files/112684/ XSS - Zingiri Web Shop 2.4.3 Shell Upload + Zingiri Web Shop 2.4.3 - Shell Upload http://packetstormsecurity.com/files/113668/ @@ -2178,7 +2176,7 @@ - Organizer 1.2.1 Cross Site Scripting / Path Disclosure + Organizer 1.2.1 - Cross Site Scripting / Path Disclosure http://packetstormsecurity.com/files/112086/ http://packetstormsecurity.com/files/113800/ @@ -2237,7 +2235,7 @@ - Buddypress <= 1.5.5 SQL Injection + Buddypress <= 1.5.5 - SQL Injection 18690 @@ -2247,7 +2245,7 @@ - Register Plus Redux <= 3.8.3 Cross Site Scripting + Register Plus Redux <= 3.8.3 - Cross Site Scripting http://packetstormsecurity.com/files/111367/ @@ -2257,7 +2255,7 @@ - Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability + Magn WP Drag and Drop <= 1.1.4 - Upload Shell Upload Vulnerability http://packetstormsecurity.com/files/110103/ @@ -2267,7 +2265,7 @@ - Kish Guest Posting 1.0 Arbitrary File Upload + Kish Guest Posting 1.0 - Arbitrary File Upload 18412 
@@ -2277,14 +2275,14 @@ - AllWebMenus Shell Upload <= 1.1.9 Shell Upload + AllWebMenus Shell Upload <= 1.1.9 - Shell Upload http://packetstormsecurity.com/files/108946/ RFI - AllWebMenus 1.1.3 Remote File Inclusion + AllWebMenus 1.1.3 - Remote File Inclusion 17861 @@ -2294,7 +2292,7 @@ - Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting + Shortcode Redirect <= 1.0.01 - Stored Cross Site Scripting http://packetstormsecurity.com/files/108914/ @@ -2324,7 +2322,7 @@ - myEASYbackup 1.0.8.1 Directory Traversal + myEASYbackup 1.0.8.1 - Directory Traversal http://packetstormsecurity.com/files/108711/ @@ -2395,7 +2393,7 @@ - Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting + Yousaytoo Auto Publishing <= 1.0 - Cross Site Scripting http://packetstormsecurity.com/files/108470/ @@ -2415,7 +2413,7 @@ - Whois Search <= 1.4.2 Cross Site Scripting + Whois Search <= 1.4.2 - Cross Site Scripting http://packetstormsecurity.com/files/108271/ @@ -2435,7 +2433,7 @@ - Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS) + Disqus Comment System <= 2.68 - Reflected Cross-Site Scripting (XSS) http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/ @@ -2445,7 +2443,7 @@ - Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability + Google reCAPTCHA <= 3.1.3 - Reflected XSS Vulnerability http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html @@ -2496,7 +2494,7 @@ - adminimize 1.7.21 Cross-Site Scripting Vulnerabilities + adminimize 1.7.21 - Cross-Site Scripting Vulnerabilities http://seclists.org/bugtraq/2011/Nov/135 @@ -2506,7 +2504,7 @@ - Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability + Advanced Text Widget <= 2.0.0 - Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/133 @@ -2546,7 +2544,7 @@ - Global Content Blocks <= 1.2 SQL - Injection Vulnerability + Global Content Blocks <= 1.2 - SQL Injection Vulnerability 17687 
@@ -2556,7 +2554,7 @@ - Ajax Gallery <= 3.0 SQL - Injection Vulnerability + Ajax Gallery <= 3.0 - SQL Injection Vulnerability 17686 @@ -2566,7 +2564,7 @@ - WP DS FAQ <= 1.3.2 SQL - Injection Vulnerability + WP DS FAQ <= 1.3.2 - SQL Injection Vulnerability 17683 @@ -2576,7 +2574,7 @@ - OdiHost Newsletter <= 1.0 SQL - Injection Vulnerability + OdiHost Newsletter <= 1.0 - SQL Injection Vulnerability 17681 @@ -2629,7 +2627,7 @@ - File Groups <= 1.1.2 SQL Injection Vulnerability + File Groups <= 1.1.2 - SQL Injection Vulnerability 17677 @@ -2639,7 +2637,7 @@ - IP-Logger <= 3.0 SQL Injection Vulnerability + IP-Logger <= 3.0 - SQL Injection Vulnerability 17673 @@ -2649,7 +2647,7 @@ - Beer Recipes v.1.0 XSS + Beer Recipes v.1.0 - XSS 17453 @@ -2659,7 +2657,7 @@ - Is-human <=1.4.2 Remote Command Execution Vulnerability + Is-human <=1.4.2 - Remote Command Execution Vulnerability 17299 @@ -2679,7 +2677,7 @@ - SermonBrowser 0.43 SQL Injection + SermonBrowser 0.43 - SQL Injection 17214 @@ -2689,7 +2687,7 @@ - Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities + Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities 17207 @@ -2699,7 +2697,7 @@ - WP Custom Pages 0.5.0.1 LFI Vulnerability + WP Custom Pages 0.5.0.1 - LFI Vulnerability 17119 @@ -2723,7 +2721,7 @@ XSS - GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities + GRAND Flash Album Gallery 1.9.0 and 2.0.0 - Multiple Vulnerabilities http://packetstormsecurity.com/files/117665/ http://www.waraxe.us/advisory-94.html @@ -2732,21 +2730,21 @@ MULTI - GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities + GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities 16947 MULTI - GRAND Flash Album Gallery <= 1.56 XSS Vulnerability + GRAND Flash Album Gallery <= 1.56 - XSS Vulnerability http://seclists.org/bugtraq/2011/Nov/186 XSS - GRAND Flash Album Gallery <= 1.71 XSS Vulnerability + GRAND Flash Album Gallery <= 1.71 - XSS Vulnerability http://packetstormsecurity.com/files/112704/ 
@@ -2773,7 +2771,7 @@ - PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit + PHP Speedy <= 0.5.2 - (admin_container.php) Remote Code Exec Exploit 16273 @@ -2783,7 +2781,7 @@ - OPS Old Post Spinner 2.2.1 LFI Vulnerability + OPS Old Post Spinner 2.2.1 - LFI Vulnerability 16251 @@ -2793,7 +2791,7 @@ - jQuery Mega Menu 1.0 Local File Inclusion + jQuery Mega Menu 1.0 - Local File Inclusion 16250 @@ -2803,7 +2801,7 @@ - IWantOneButton 3.0.1 Multiple Vulnerabilities + IWantOneButton 3.0.1 - Multiple Vulnerabilities 16236 @@ -2813,21 +2811,21 @@ - WP Forum Server 1.6.5 SQL Injection Vulnerability + WP Forum Server 1.6.5 - SQL Injection Vulnerability 16235 SQLI - WP Forum Server <= 1.7 SQL Injection Vulnerability + WP Forum Server <= 1.7 - SQL Injection Vulnerability 17828 SQLI - WP Forum Server <= 1.7.3 SQL Injection / XSS Vulnerabilities + WP Forum Server <= 1.7.3 - SQL Injection / XSS Vulnerabilities http://packetstormsecurity.com/files/112703/ @@ -2837,7 +2835,7 @@ - Relevanssi 2.7.2 Stored XSS Vulnerability + Relevanssi 2.7.2 - Stored XSS Vulnerability 16233 @@ -2847,7 +2845,7 @@ - GigPress 2.1.10 Stored XSS Vulnerability + GigPress 2.1.10 - Stored XSS Vulnerability 16232 @@ -2857,24 +2855,30 @@ - Comment Rating 2.9.32 SQL Injection / Bypass + Comment Rating 2.9.32 - Security Bypass Weakness and SQL Injection + 90676 + 24552 + 52348 http://packetstormsecurity.com/files/120569/ MULTI - Comment Rating 2.9.23 Multiple Vulnerabilities + Comment Rating 2.9.23 - Multiple Vulnerabilities + 71044 + 43406 16221 MULTI + 2.9.24 - Z-Vote 1.1 SQL Injection Vulnerability + Z-Vote 1.1 - SQL Injection Vulnerability 16218 
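Review bot: The Comment Rating hunk (`@@ -2857,24 +2855,30 @@`) changes more than the separator, so vulnerability data is being edited inside a formatting commit. It rewords the 2.9.32 title from `SQL Injection / Bypass` to `Security Bypass Weakness and SQL Injection`, adds five reference ids (90676, 24552, 52348, 71044, 43406), and adds a `2.9.24` value after the 2.9.23 entry. The element names are not visible in this rendering, so reading `2.9.24` as a fixed-in version is an inference. If it is one, it changes which installed versions get reported as vulnerable, so it belongs in its own commit with the source advisory named in the message.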
@@ -2906,42 +2910,42 @@ - Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection + Mingle Forum <= 1.0.32.1 - Cross Site Scripting / SQL Injection http://packetstormsecurity.com/files/108915/ MULTI - Mingle Forum <= 1.0.31 SQL Injection Vulnerability + Mingle Forum <= 1.0.31 - SQL Injection Vulnerability 17894 SQLI - Mingle Forum <= 1.0.26 Multiple Vulnerabilities + Mingle Forum <= 1.0.26 - Multiple Vulnerabilities 15943 MULTI - Mingle Forum <= 1.0.33 Cross Site Scripting + Mingle Forum <= 1.0.33 - Cross Site Scripting http://packetstormsecurity.com/files/112696/ MULTI - Mingle Forum 1.0.33.3 Multiple Parameter SQL Injection + Mingle Forum 1.0.33.3 - Multiple Parameter SQL Injection 90434 SQLI - Mingle Forum 1.0.35 Privilege Escalation CSRF + Mingle Forum 1.0.35 - Privilege Escalation CSRF 96905 2013-0736 @@ -2953,7 +2957,7 @@ - Accept Signups 0.1 XSS + Accept Signups 0.1 - XSS 15808 @@ -3054,7 +3058,7 @@ MULTI - NextGEN Gallery 1.9.12 Arbitrary File Upload + NextGEN Gallery 1.9.12 - Arbitrary File Upload http://wordpress.org/plugins/nextgen-gallery/changelog/ 94232 @@ -3125,7 +3129,7 @@ - WP-Syntax <= 0.9.1 Remote Command Execution + WP-Syntax <= 0.9.1 - Remote Command Execution 9431 @@ -3135,7 +3139,7 @@ - My Category Order <= 2.8 SQL Injection Vulnerability + My Category Order <= 2.8 - SQL Injection Vulnerability 9150 @@ -3145,7 +3149,7 @@ - Related Sites 2.1 Blind SQL Injection Vulnerability + Related Sites 2.1 - Blind SQL Injection Vulnerability 9054 @@ -3162,14 +3166,14 @@ XSS - DM Albums 1.9.2 Remote File Disclosure Vulnerability + DM Albums 1.9.2 - Remote File Disclosure Vulnerability 9048 LFI - DM Albums 1.9.2 Remote File Inclusion Vuln + DM Albums 1.9.2 - Remote File Inclusion Vuln 9043 
@@ -3179,21 +3183,21 @@ - Photoracer 1.0 (id) SQL Injection Vulnerability + Photoracer 1.0 - (id) SQL Injection Vulnerability 8961 SQLI - Photoracer <= 1.0 SQL Injection Vulnerability + Photoracer <= 1.0 - SQL Injection Vulnerability 17720 SQLI - Photoracer <= 1.0 Multiple Vulnerabilities + Photoracer <= 1.0 - Multiple Vulnerabilities 17731 @@ -3213,7 +3217,7 @@ - fMoblog 2.1 (id) SQL Injection Vulnerability + fMoblog 2.1 - (id) SQL Injection Vulnerability 8229 @@ -3223,7 +3227,7 @@ - Page Flip Image Gallery <= 0.2.2 Remote FD Vuln + Page Flip Image Gallery <= 0.2.2 - Remote FD Vuln 50902 2008-5752 @@ -3238,7 +3242,7 @@ - e-Commerce <= 3.4 Arbitrary File Upload Exploit + e-Commerce <= 3.4 - Arbitrary File Upload Exploit 6867 @@ -3248,7 +3252,7 @@ - Download Manager 0.2 Arbitrary File Upload Exploit + Download Manager 0.2 - Arbitrary File Upload Exploit 6127 @@ -3258,7 +3262,7 @@ - Spreadsheet <= 0.6 SQL Injection Vulnerability + Spreadsheet <= 0.6 - SQL Injection Vulnerability 5486 @@ -3278,7 +3282,7 @@ - Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities + Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities 5194 @@ -3298,14 +3302,14 @@ - Simple Forum 2.0-2.1 SQL Injection Vulnerability + Simple Forum 2.0-2.1 - SQL Injection Vulnerability 5126 SQLI - Simple Forum 1.10-1.11 SQL Injection Vulnerability + Simple Forum 1.10-1.11 - SQL Injection Vulnerability 5127 @@ -3342,7 +3346,7 @@ - dmsguestbook 1.7.0 Multiple Remote Vulnerabilities + dmsguestbook 1.7.0 - Multiple Remote Vulnerabilities 5035 @@ -3352,7 +3356,7 @@ - WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit + WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit 5017 @@ -3362,7 +3366,7 @@ - Adserve 0.2 adclick.php SQL Injection Exploit + Adserve 0.2 - adclick.php SQL Injection Exploit 5013 @@ -3382,7 +3386,7 @@ - WP-Cal 0.3 editevent.php SQL Injection Vulnerability + WP-Cal 0.3 - editevent.php SQL Injection Vulnerability 4992 
@@ -3392,14 +3396,14 @@ - plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability + plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability 4939 SQLI - plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability + plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability 7738 @@ -3429,7 +3433,7 @@ - PictPress <= 0.91 Remote File Disclosure Vulnerability + PictPress <= 0.91 - Remote File Disclosure Vulnerability 4695 @@ -3449,7 +3453,7 @@ - plugin myflash <= 1.00 (wppath) RFI Vulnerability + plugin myflash <= 1.00 - (wppath) RFI Vulnerability 3828 @@ -3459,7 +3463,7 @@ - plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability + plugin wordTube <= 1.43 - (wpPATH) RFI Vulnerability 3825 @@ -3469,7 +3473,7 @@ - plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability + plugin wp-Table <= 1.43 - (inc_dir) RFI Vulnerability 3824 @@ -3479,7 +3483,7 @@ - myGallery <= 1.4b4 Remote File Inclusion Vulnerability + myGallery <= 1.4b4 - Remote File Inclusion Vulnerability 3814 @@ -3489,7 +3493,7 @@ - SendIt <= 1.5.9 Blind SQL Injection Vulnerability + SendIt <= 1.5.9 - Blind SQL Injection Vulnerability 17716 @@ -3499,7 +3503,7 @@ - Js-appointment <= 1.5 SQL Injection Vulnerability + Js-appointment <= 1.5 - SQL Injection Vulnerability 17724 @@ -3509,14 +3513,14 @@ - MM Forms Community <= 1.2.3 SQL Injection Vulnerability + MM Forms Community <= 1.2.3 - SQL Injection Vulnerability 17725 SQLI - MM Forms Community 2.2.6 Arbitrary File Upload + MM Forms Community 2.2.6 - Arbitrary File Upload 18997 @@ -3526,7 +3530,7 @@ - Super CAPTCHA <= 2.2.4 SQL Injection Vulnerability + Super CAPTCHA <= 2.2.4 - SQL Injection Vulnerability 17728 @@ -3536,7 +3540,7 @@ - Collision Testimonials <= 3.0 SQL Injection Vulnerability + Collision Testimonials <= 3.0 - SQL Injection Vulnerability 17729 @@ -3546,7 +3550,7 @@ - Oqey Headers <= 0.3 SQL Injection Vulnerability + Oqey Headers <= 0.3 - SQL Injection Vulnerability 17730 
@@ -3556,7 +3560,7 @@ - Facebook Promotions <= 1.3.3 SQL Injection Vulnerability + Facebook Promotions <= 1.3.3 - SQL Injection Vulnerability 17737 @@ -3566,14 +3570,14 @@ - Evarisk <= 5.1.3.6 SQL Injection Vulnerability + Evarisk <= 5.1.3.6 - SQL Injection Vulnerability 17738 SQLI - Evarisk 5.1.5.4 Shell Upload + Evarisk 5.1.5.4 - Shell Upload http://packetstormsecurity.com/files/113638/ @@ -3583,7 +3587,7 @@ - Profiles <= 2.0 RC1 SQL Injection Vulnerability + Profiles <= 2.0RC1 - SQL Injection Vulnerability 17739 @@ -3593,7 +3597,7 @@ - mySTAT <= 2.6 SQL Injection Vulnerability + mySTAT <= 2.6 - SQL Injection Vulnerability 17740 @@ -3603,7 +3607,7 @@ - SH Slideshow <= 3.1.4 SQL Injection Vulnerability + SH Slideshow <= 3.1.4 - SQL Injection Vulnerability 17748 @@ -3613,7 +3617,7 @@ - iCopyright(R) Article Tools <= 1.1.4 SQL Injection Vulnerability + iCopyright(R) Article Tools <= 1.1.4 - SQL Injection Vulnerability 17749 @@ -3623,7 +3627,7 @@ - Advertizer <= 1.0 SQL Injection Vulnerability + Advertizer <= 1.0 - SQL Injection Vulnerability 17750 @@ -3633,21 +3637,21 @@ - Event Registration <= 5.44 SQL Injection Vulnerability + Event Registration <= 5.44 - SQL Injection Vulnerability 17814 SQLI - Event Registration <= 5.43 SQL Injection Vulnerability + Event Registration <= 5.43 - SQL Injection Vulnerability 17751 SQLI - Event Registration 5.32 SQL Injection Vulnerability + Event Registration 5.32 - SQL Injection Vulnerability 15513 @@ -3657,7 +3661,7 @@ - Craw Rate Tracker <= 2.0.2 SQL Injection Vulnerability + Craw Rate Tracker <= 2.0.2 - SQL Injection Vulnerability 17755 @@ -3667,7 +3671,7 @@ - wp audio gallery playlist <= 0.12 SQL Injection Vulnerability + wp audio gallery playlist <= 0.12 - SQL Injection Vulnerability 17756 @@ -3685,7 +3689,7 @@ 2.6 - yolink Search <= 1.1.4 SQL Injection Vulnerability + yolink Search <= 1.1.4 - SQL Injection Vulnerability 17757 
@@ -3695,7 +3699,7 @@ - PureHTML <= 1.0.0 SQL Injection Vulnerability + PureHTML <= 1.0.0 - SQL Injection Vulnerability 17758 @@ -3705,7 +3709,7 @@ - Couponer <= 1.2 SQL Injection Vulnerability + Couponer <= 1.2 - SQL Injection Vulnerability 17759 @@ -3715,7 +3719,7 @@ - grapefile <= 1.1 Arbitrary File Upload + grapefile <= 1.1 - Arbitrary File Upload 17760 @@ -3725,7 +3729,7 @@ - image-gallery-with-slideshow <= 1.5 Arbitrary File Upload / SQL Injection + image-gallery-with-slideshow <= 1.5 - Arbitrary File Upload / SQL Injection 17761 @@ -3735,7 +3739,7 @@ - Donation <= 1.0 SQL Injection Vulnerability + Donation <= 1.0 - SQL Injection Vulnerability 17763 @@ -3745,14 +3749,14 @@ - WP Bannerize <= 2.8.6 SQL Injection Vulnerability + WP Bannerize <= 2.8.6 - SQL Injection Vulnerability 17764 SQLI - WP Bannerize <= 2.8.7 SQL Injection Vulnerability + WP Bannerize <= 2.8.7 - SQL Injection Vulnerability 17906 @@ -3762,7 +3766,7 @@ - SearchAutocomplete <= 1.0.8 SQL Injection Vulnerability + SearchAutocomplete <= 1.0.8 - SQL Injection Vulnerability 17767 @@ -3772,7 +3776,7 @@ - VideoWhisper Video Presentation <= 1.1 SQL Injection Vulnerability + VideoWhisper Video Presentation <= 1.1 - SQL Injection Vulnerability 17771 @@ -3789,7 +3793,7 @@ - Facebook Opengraph Meta <= 1.0 SQL Injection Vulnerability + Facebook Opengraph Meta <= 1.0 - SQL Injection Vulnerability 17773 @@ -3799,7 +3803,7 @@ - Zotpress <= 4.4 SQL Injection Vulnerability + Zotpress <= 4.4 - SQL Injection Vulnerability 17778 @@ -3809,7 +3813,7 @@ - oQey Gallery <= 0.4.8 SQL Injection Vulnerability + oQey Gallery <= 0.4.8 - SQL Injection Vulnerability 17779 @@ -3819,7 +3823,7 @@ - Tweet Old Post <= 3.2.5 SQL Injection Vulnerability + Tweet Old Post <= 3.2.5 - SQL Injection Vulnerability 17789 @@ -3829,7 +3833,7 @@ - post highlights <= 2.2 SQL Injection Vulnerability + post highlights <= 2.2 - SQL Injection Vulnerability 17790 
@@ -3839,7 +3843,7 @@ - KNR Author List Widget <= 2.0.0 SQL Injection Vulnerability + KNR Author List Widget <= 2.0.0 - SQL Injection Vulnerability 17791 @@ -3849,7 +3853,7 @@ - SCORM Cloud <= 1.0.6.6 SQL Injection Vulnerability + SCORM Cloud <= 1.0.6.6 - SQL Injection Vulnerability 17793 @@ -3869,7 +3873,7 @@ - Paid Downloads <= 2.01 SQL Injection Vulnerability + Paid Downloads <= 2.01 - SQL Injection Vulnerability 17797 @@ -3879,7 +3883,7 @@ - Community Events <= 1.2.1 SQL Injection Vulnerability + Community Events <= 1.2.1 - SQL Injection Vulnerability 17798 @@ -3889,7 +3893,7 @@ - 1-flash-gallery <= 1.9.0 XSS in ZeroClipboard.swf + 1-flash-gallery <= 1.9.0 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 @@ -3906,7 +3910,7 @@ - WP-Filebase Download Manager <= 0.2.9 SQL Injection Vulnerability + WP-Filebase Download Manager <= 0.2.9 - SQL Injection Vulnerability 17808 @@ -3924,7 +3928,7 @@ - A to Z Category Listing <= 1.3 SQL Injection Vulnerability + A to Z Category Listing <= 1.3 - SQL Injection Vulnerability 17809 @@ -3934,14 +3938,14 @@ - WP e-Commerce <= 3.8.6 SQL Injection Vulnerability + WP e-Commerce <= 3.8.6 - SQL Injection Vulnerability 17832 SQLI - WP-e-Commerce v3.8.9.5 Cross Site Scripting Vulnerability + WP-e-Commerce v3.8.9.5 - Cross Site Scripting Vulnerability http://1337day.com/exploit/20517 @@ -3951,7 +3955,7 @@ - Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability + Filedownload 0.1 - (download.php) Remote File Disclosure Vulnerability 17858 @@ -3961,14 +3965,14 @@ - TheCartPress <= 1.6 Cross Site Sripting + TheCartPress <= 1.6 - Cross Site Sripting http://packetstormsecurity.com/files/108272/ XSS - TheCartPress 1.1.1 Remote File Inclusion + TheCartPress 1.1.1 - Remote File Inclusion 17860 @@ -3978,7 +3982,7 @@ - WPEasyStats 1.8 Remote File Inclusion + WPEasyStats 1.8 - Remote File Inclusion 17862 @@ -3988,7 +3992,7 @@ - Annonces 1.2.0.0 Remote File Inclusion + Annonces 1.2.0.0 - Remote File Inclusion 17863 
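Review bot: In the TheCartPress hunk (`@@ -3961,14 +3965,14 @@`) the rewritten title keeps the typo `Cross Site Sripting`. A grep for `Cross Site Scripting`, which is the use case the commit message gives, will silently skip this entry. Since the line is being touched anyway, it should read `TheCartPress <= 1.6 - Cross Site Scripting`.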
@@ -3998,7 +4002,7 @@ - Livesig 0.4 Remote File Inclusion + Livesig 0.4 - Remote File Inclusion 17864 @@ -4008,7 +4012,7 @@ - Disclosure Policy 1.0 Remote File Inclusion + Disclosure Policy 1.0 - Remote File Inclusion 17865 @@ -4018,7 +4022,7 @@ - Mailing List 1.3.2 Remote File Inclusion + Mailing List 1.3.2 - Remote File Inclusion 17866 @@ -4036,14 +4040,14 @@ - Zingiri Web Shop 2.2.0 Remote File Inclusion + Zingiri Web Shop 2.2.0 - Remote File Inclusion 17867 RFI - Zingiri Web Shop <= 2.2.3 Remote Code Execution + Zingiri Web Shop <= 2.2.3 - Remote Code Execution 18111 @@ -4053,14 +4057,14 @@ - Mini Mail Dashboard Widget 1.36 Remote File Inclusion + Mini Mail Dashboard Widget 1.36 - Remote File Inclusion 17868 RFI - Mini Mail Dashboard Widget 1.42 Stored XSS + Mini Mail Dashboard Widget 1.42 - Stored XSS 20358 @@ -4070,7 +4074,7 @@ - Relocate Upload 0.14 Remote File Inclusion + Relocate Upload 0.14 - Remote File Inclusion 17869 @@ -4080,7 +4084,7 @@ - Category Grid View Gallery 0.1.1 Shell Upload vulnerability + Category Grid View Gallery 0.1.1 - Shell Upload vulnerability 17872 @@ -4097,7 +4101,7 @@ - Auto Attachments 0.2.9 Shell Upload vulnerability + Auto Attachments 0.2.9 - Shell Upload vulnerability 17872 @@ -4107,7 +4111,7 @@ - WP Marketplace 1.1.0 Shell Upload vulnerability + WP Marketplace 1.1.0 - Shell Upload vulnerability 17872 @@ -4117,7 +4121,7 @@ - DP Thumbnail 1.0 Shell Upload vulnerability + DP Thumbnail 1.0 - Shell Upload vulnerability 17872 @@ -4127,7 +4131,7 @@ - Vk Gallery 1.1.0 Shell Upload vulnerability + Vk Gallery 1.1.0 - Shell Upload vulnerability 17872 @@ -4137,7 +4141,7 @@ - Rekt Slideshow 1.0.5 Shell Upload vulnerability + Rekt Slideshow 1.0.5 - Shell Upload vulnerability 17872 @@ -4147,7 +4151,7 @@ - CAC Featured Content 0.8 Shell Upload vulnerability + CAC Featured Content 0.8 - Shell Upload vulnerability 17872 @@ -4157,7 +4161,7 @@ - Rent A Car 1.0 Shell Upload vulnerability + Rent A Car 1.0 - Shell Upload vulnerability 17872 
@@ -4167,7 +4171,7 @@ - LISL Last Image Slider 1.0 Shell Upload vulnerability + LISL Last Image Slider 1.0 - Shell Upload vulnerability 17872 @@ -4177,7 +4181,7 @@ - Islidex 2.7 Shell Upload vulnerability + Islidex 2.7 - Shell Upload vulnerability 17872 @@ -4187,7 +4191,7 @@ - Kino Gallery 1.0 Shell Upload vulnerability + Kino Gallery 1.0 - Shell Upload vulnerability 17872 @@ -4197,7 +4201,7 @@ - Cms Pack 1.3 Shell Upload vulnerability + Cms Pack 1.3 - Shell Upload vulnerability 17872 @@ -4207,7 +4211,7 @@ - A Gallery 0.9 Shell Upload vulnerability + A Gallery 0.9 - Shell Upload vulnerability 17872 @@ -4217,7 +4221,7 @@ - Category List Portfolio Page 0.9 Shell Upload vulnerability + Category List Portfolio Page 0.9 - Shell Upload vulnerability 17872 @@ -4227,7 +4231,7 @@ - Really Easy Slider 0.1 Shell Upload vulnerability + Really Easy Slider 0.1 - Shell Upload vulnerability 17872 @@ -4237,7 +4241,7 @@ - Verve Meta Boxes 1.2.8 Shell Upload vulnerability + Verve Meta Boxes 1.2.8 - Shell Upload vulnerability 17872 @@ -4247,7 +4251,7 @@ - User Avatar 1.3.7 shell upload vulnerability + User Avatar 1.3.7 - shell upload vulnerability 17872 @@ -4257,7 +4261,7 @@ - Extend 1.3.7 Shell Upload vulnerability + Extend 1.3.7 - Shell Upload vulnerability 17872 @@ -4267,14 +4271,14 @@ - AdRotate <= 3.6.5 SQL Injection Vulnerability + AdRotate <= 3.6.5 - SQL Injection Vulnerability http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html SQLI - AdRotate <= 3.6.6 SQL Injection Vulnerability + AdRotate <= 3.6.6 - SQL Injection Vulnerability 18114 @@ -4284,7 +4288,7 @@ - WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability + WP-SpamFree 3.2.1 - Spam SQL Injection Vulnerability 17970 @@ -4294,7 +4298,7 @@ - GD Star Rating Export Security Bypass Security Issue + GD Star Rating - Export Security Bypass Security Issue 49850 
@@ -4302,14 +4306,14 @@ 1.9.19 - GD Star Rating <= 1.9.16 Cross Site Scripting + GD Star Rating <= 1.9.16 - Cross Site Scripting http://packetstormsecurity.com/files/112702/ XSS - GD Star Rating <= 1.9.10 SQL Injection + GD Star Rating <= 1.9.10 - SQL Injection 17973 @@ -4319,7 +4323,7 @@ - Contact Form <= 2.7.5 SQL Injection + Contact Form <= 2.7.5 - SQL Injection 17980 @@ -4329,14 +4333,14 @@ - WP Photo Album Plus <= 4.1.1 SQL Injection + WP Photo Album Plus <= 4.1.1 - SQL Injection 17983 SQLI - WP Photo Album Plus <= 4.8.12 wp-photo-album-plus.php wppa-searchstring XSS + WP Photo Album Plus <= 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS 88851 51669 @@ -4413,7 +4417,7 @@ - portable-phpMyAdmin Authentication Bypass + portable-phpMyAdmin - Authentication Bypass 88391 2012-5469 @@ -4427,7 +4431,7 @@ - super-refer-a-friend Full Path Disclosure + super-refer-a-friend - Full Path Disclosure http://1337day.com/exploit/20126 @@ -4473,7 +4477,7 @@ - WP-Super-Cache Remote Code Execution + WP-Super-Cache - Remote Code Execution http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/ http://wordpress.org/support/topic/pwn3d @@ -4488,14 +4492,14 @@ - ripe-hd-player 1.0 SQL Injection + ripe-hd-player 1.0 - SQL Injection 24229 SQLI - ripe-hd-player 1.0 Full Path Disclosure + ripe-hd-player 1.0 - Full Path Disclosure 24229 @@ -4505,7 +4509,7 @@ - floating-tweets persistent XSS + floating-tweets persistent - XSS http://packetstormsecurity.com/files/119499/ http://websecurity.com.ua/6023/ @@ -4524,7 +4528,7 @@ - ipfeuilledechou SQL Injection Vulnerability + ipfeuilledechou - SQL Injection Vulnerability http://www.exploit4arab.com/exploits/377 http://1337day.com/exploits/20206 @@ -4535,7 +4539,7 @@ - Simple Login Log XSS + Simple Login Log - XSS 51780 @@ -5210,7 +5214,7 @@ - wp-table-reloaded <= 1.9.3 XSS in ZeroClipboard.swf + wp-table-reloaded <= 1.9.3 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 
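Review bot: In the hunk at -4505,7 the separator lands one word late: `floating-tweets persistent - XSS` makes "persistent" part of the plugin name and leaves only "XSS" as the vulnerability name. That breaks the `plugin name [version[-range]] - vulnerability name` layout stated in the commit message. A search for `floating-tweets - ` then misses the entry, and the persistent qualifier is lost from the vulnerability side. The title should read `floating-tweets - persistent XSS`.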
@@ -5317,7 +5321,7 @@ - CKEditor 4.0 Arbitrary File Upload Exploit + CKEditor 4.0 - Arbitrary File Upload Exploit http://1337day.com/exploit/20318 @@ -5351,7 +5355,7 @@ - Password Protected 1.4 Login Process redirect_to Parameter Arbitrary Site Redirect + Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect 90559 @@ -5383,7 +5387,7 @@ - Google Alert And Twitter v.3.1.5 XSS Exploit, SQL Injection + Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection http://1337day.com/exploits/20433 @@ -5425,7 +5429,7 @@ - zopim-live-chat <= 1.2.5 XSS in ZeroClipboard + zopim-live-chat <= 1.2.5 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5437,7 +5441,7 @@ - ed2k-link-selector <= 1.1.7 XSS in ZeroClipboard + ed2k-link-selector <= 1.1.7 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5448,7 +5452,7 @@ - wppygments <= 0.3.2 XSS in ZeroClipboard + wppygments <= 0.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5460,7 +5464,7 @@ - copy-in-clipboard <= 0.8 XSS in ZeroClipboard + copy-in-clipboard <= 0.8 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5471,7 +5475,7 @@ - search-and-share <= 0.9.3 XSS in ZeroClipboard + search-and-share <= 0.9.3 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5482,7 +5486,7 @@ - placester <= 0.3.12 XSS in ZeroClipboard + placester <= 0.3.12 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5493,7 +5497,7 @@ - drp-coupon <= 2.1 XSS in ZeroClipboard + drp-coupon <= 2.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5504,7 +5508,7 @@ - coupon-code-plugin <= 2.1 XSS in ZeroClipboard + coupon-code-plugin <= 2.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 
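Review bot: The hunk at -5383,7 changes the version token as well as adding the separator: `Google Alert And Twitter v.3.1.5` becomes `Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection`. Other titles touched by the same commit keep their prefix, for example `WP-e-Commerce v3.8.9.5 - Cross Site Scripting Vulnerability` in the -3934,14 hunk. The version field is therefore still not uniform, and a version match written for one form will miss the other when checking which installed versions an entry covers. Either strip the `v` prefix from every title in this commit or leave this one as it was and normalise versions in a separate change.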
@@ -5515,7 +5519,7 @@ - q2w3-inc-manager <= 2.3.1 XSS in ZeroClipboard + q2w3-inc-manager <= 2.3.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5526,7 +5530,7 @@ - scorerender <= 0.3.4 XSS in ZeroClipboard + scorerender <= 0.3.4 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5537,7 +5541,7 @@ - wp-link-to-us <= 2.0 XSS in ZeroClipboard + wp-link-to-us <= 2.0 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5549,7 +5553,7 @@ - buckets <= 0.1.9.2 XSS in ZeroClipboard + buckets <= 0.1.9.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5561,7 +5565,7 @@ - java-trackback <= 0.2 XSS in ZeroClipboard + java-trackback <= 0.2 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5572,7 +5576,7 @@ - slidedeck2 <= 2.1.20130228 XSS in ZeroClipboard + slidedeck2 <= 2.1.20130228 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5584,7 +5588,7 @@ - wp-clone-by-wp-academy <= 2.1.1 XSS in ZeroClipboard + wp-clone-by-wp-academy <= 2.1.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5596,7 +5600,7 @@ - tiny-url <= 1.3.2 XSS in ZeroClipboard + tiny-url <= 1.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5608,7 +5612,7 @@ - thethe-layout-grid <= 1.0.0 XSS in ZeroClipboard. + thethe-layout-grid <= 1.0.0 - XSS in ZeroClipboard. http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 
@@ -5620,7 +5624,7 @@ - paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 XSS in ZeroClipboard + paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5632,7 +5636,7 @@ - mobileview <= 1.0.7 XSS in ZeroClipboard + mobileview <= 1.0.7 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5644,7 +5648,7 @@ - jaspreetchahals-coupons-lite <= 2.1 XSS in ZeroClipboard + jaspreetchahals-coupons-lite <= 2.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5656,7 +5660,7 @@ - geshi-source-colorer <= 0.13 XSS in ZeroClipboard + geshi-source-colorer <= 0.13 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5668,7 +5672,7 @@ - click-to-copy-grab-box <= 0.1.1 XSS in ZeroClipboard + click-to-copy-grab-box <= 0.1.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5680,7 +5684,7 @@ - cleeng <= 2.3.2 XSS in ZeroClipboard + cleeng <= 2.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5692,7 +5696,7 @@ - bp-code-snippets <= 2.0 XSS in ZeroClipboard + bp-code-snippets <= 2.0 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5704,7 +5708,7 @@ - snazzy-archives <= 1.7.1 XSS vulnerability + snazzy-archives <= 1.7.1 - XSS vulnerability http://www.openwall.com/lists/oss-security/2013/03/10/3 2009-4168 @@ -5889,7 +5893,7 @@ - podPress 8.8.10.13 Cross Site Scripting + podPress 8.8.10.13 - Cross Site Scripting http://packetstormsecurity.com/files/121011/ @@ -6011,7 +6015,7 @@ - background-music 1.0 jPlayer.swf XSS + background-music 1.0 - jPlayer.swf XSS 53057 
@@ -6021,7 +6025,7 @@ - haiku-minimalist-audio-player <= 1.0.0 jPlayer.swf XSS + haiku-minimalist-audio-player <= 1.0.0 - jPlayer.swf XSS 51336 @@ -6031,7 +6035,7 @@ - jammer <= 0.2 jPlayer.swf XSS + jammer <= 0.2 - jPlayer.swf XSS 53106 @@ -6052,7 +6056,7 @@ - top-10 CSRF + top-10 - CSRF 53205 @@ -6498,7 +6502,7 @@ - Xorbin Analog Flash Clock 1.0 Flash-based XSS + Xorbin Analog Flash Clock 1.0 - Flash-based XSS http://advisory.prakharprasad.com/xorbin_afc_wp.txt 2013-4692 @@ -6509,7 +6513,7 @@ - Xorbin Digital Flash Clock 1.0 Flash-based XSS + Xorbin Digital Flash Clock 1.0 - Flash-based XSS http://advisory.prakharprasad.com/xorbin_dfc_wp.txt 2013-4693