From cfa222c3b62c3979388aafc1d9d65e203e071812 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Mon, 11 Nov 2013 18:01:38 +0100 Subject: [PATCH 1/3] Update OSVDB 85682,85567,85729 --- data/plugin_vulns.xml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 5e7a223c..bda8e428 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -995,12 +995,15 @@ - Answer My Question 1.1 - Multiple XSS + Answer My Question 1.1 - record_question.php Multiple Parameter XSS - http://www.securityfocus.com/archive/1/524625/30/0/threaded + 85567 50655 + http://www.securityfocus.com/archive/1/524625/30/0/threaded + http://seclists.org/bugtraq/2012/Nov/24 XSS + 1.2 @@ -5120,9 +5123,11 @@ - Notices Ticker - Cross-Site Request Forgery Vulnerability + Notices Ticker 5.0 - Cross-Site Request Forgery Vulnerability + 85729 50717 + http://packetstormsecurity.org/files/116774/ CSRF @@ -5130,9 +5135,12 @@ - MF Gig Calendar - URL Cross-Site Scripting Vulnerability + MF Gig Calendar 0.9.4.1 - URL Cross-Site Scripting Vulnerability + 85682 + 2012-4242 50571 + http://packetstormsecurity.org/files/116713/ XSS From 43c7586b6182045bc2277cd96a484ecfe78a2342 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Mon, 11 Nov 2013 18:18:29 +0100 Subject: [PATCH 2/3] Update theme_vulns.xml --- data/theme_vulns.xml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml index 6fe031bb..d03cc34a 100644 --- a/data/theme_vulns.xml +++ b/data/theme_vulns.xml @@ -2014,6 +2014,26 @@ + + + Shotzz - Arbitrary File Upload Vulnerability + + http://1337day.com/exploit/19829 + + UPLOAD + + + + + + vithy - Arbitrary File Upload Vulnerability + + http://1337day.com/exploit/19830 + + UPLOAD + + + Kernel Theme - functions/upload-handler.php File Upload Remote Code Execution From cc0ce769b78f0b2db6070da7760373d9a9591f6a Mon Sep 17 00:00:00 2001 
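Review bot: The Notices Ticker (`@@ -5120,9 +5123,11 @@`) and MF Gig Calendar (`@@ -5130,9 +5135,12 @@`) entries in data/plugin_vulns.xml record the affected version only in the free-text title, whereas the Answer My Question hunk also adds a bare `1.2` that looks like a fixed-version value. If the scanner matches on that field rather than on the title, these two entries will presumably still be reported for every installed version, so patched sites get false positives. If the referenced advisories name a fixed release, add the same fixed-version element to both entries; if no fix exists, a short XML comment saying so would show the omission is deliberate. The element names are not visible in this rendering of the patch, so check the exact tag against the file's schema.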
From: Peter van der Laan Date: Mon, 11 Nov 2013 23:28:28 +0100 Subject: [PATCH 3/3] Update theme_vulns.xml --- data/theme_vulns.xml | 100 +++++++++++++++++++++++++------------------ 1 file changed, 59 insertions(+), 41 deletions(-) diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml index d03cc34a..7ce1f5f4 100644 --- a/data/theme_vulns.xml +++ b/data/theme_vulns.xml @@ -80,54 +80,92 @@ - vithy Full Path Disclosure vulnerability + vithy - Full Path Disclosure vulnerability http://1337day.com/exploit/20040 FPD + + vithy - Arbitrary File Upload Vulnerability + + http://1337day.com/exploit/19830 + + UPLOAD + - appius Full Path Disclosure vulnerability + appius - Full Path Disclosure vulnerability http://1337day.com/exploit/20039 FPD + + appius - Arbitrary File Upload Vulnerability + + http://1337day.com/exploit/19831 + + UPLOAD + - yvora Full Path Disclosure vulnerability + yvora - Full Path Disclosure vulnerability http://1337day.com/exploit/20038 FPD + + yvora - Arbitrary File Upload Vulnerability + + http://1337day.com/exploit/19834 + + UPLOAD + - shotzz Full Path Disclosure vulnerability + Shotzz - Full Path Disclosure vulnerability http://1337day.com/exploit/20041 FPD + + Shotzz - Arbitrary File Upload Vulnerability + + http://1337day.com/exploit/19829 + + UPLOAD + + + + + + dagda - Arbitrary File Upload Vulnerability + + http://1337day.com/exploit/19832 + + UPLOAD + - moneymasters Full Path Disclosure vulnerability + moneymasters - Full Path Disclosure vulnerability http://1337day.com/exploit/20077 FPD - moneymasters File Upload Vulnerability (metasploit) + moneymasters - File Upload Vulnerability (metasploit) http://1337day.com/exploit/20076 @@ -457,7 +495,7 @@ - WordPress Famous Theme 2.0.5 Shell Upload + Famous 2.0.5 - Shell Upload http://packetstormsecurity.org/files/113842/ 
@@ -467,7 +505,7 @@ - WordPress Deep-Blue Theme 1.9.2 Arbitrary File Upload Vulnerability + Deep-Blue 1.9.2 - Arbitrary File Upload Vulnerability http://packetstormsecurity.org/files/113843/ @@ -477,7 +515,7 @@ - WordPress Classipress Theme <= 3.1.4 Stored XSS + Classipress <= 3.1.4 - Stored XSS 18053 http://cxsecurity.com/issue/WLB-2011110001 @@ -1528,7 +1566,7 @@ - Wordpress dt-chocolate Theme Image Open redirect + dt-chocolate - Image Open redirect http://cxsecurity.com/issue/WLB-2013020011 @@ -1545,7 +1583,7 @@ - Wordpress theme sandbox Arbitrary File Upload/FD Vulnerability + sandbox - Arbitrary File Upload/FD Vulnerability http://1337day.com/exploit/20228 @@ -1555,7 +1593,7 @@ - WordPress Clockstone Theme upload.php Arbitrary File Upload Vulnerability + Clockstone - upload.php Arbitrary File Upload Vulnerability 51619 @@ -1565,7 +1603,7 @@ - WordPress Archin Theme Cross-Site Scripting and Arbitrary File Upload Vulnerabilities + Archin - Cross-Site Scripting and Arbitrary File Upload Vulnerabilities 50711 @@ -1575,7 +1613,7 @@ - WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities + Purity - Multiple Cross-Site Scripting Vulnerabilities 50627 @@ -1599,7 +1637,7 @@ - montezuma <= 1.1.3 XSS in ZeroClipboard.swf + montezuma <= 1.1.3 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 @@ -1609,7 +1647,7 @@ - scarlet <= 1.1.3 XSS in ZeroClipboard.swf + scarlet <= 1.1.3 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 @@ -1619,7 +1657,7 @@ - allure-real-estate-theme-for-placester <= 0.1.1 XSS in ZeroClipboard.swf + allure-real-estate-theme-for-placester <= 0.1.1 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 @@ -1629,7 +1667,7 @@ - allure-real-estate-theme-for-real-estate <= 0.1.1 XSS in ZeroClipboard.swf + allure-real-estate-theme-for-real-estate <= 0.1.1 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 
@@ -1639,7 +1677,7 @@ - felici XSS Vulnerability + felici - XSS Vulnerability http://1337day.com/exploit/20560 @@ -1649,7 +1687,7 @@ - Classic v1.5 Theme PHP_SELF XSS + Classic 1.5 - PHP_SELF XSS http://osvdb.org/38450 2007-4483 @@ -1660,7 +1698,7 @@ - brilliant File Upload Vulnerability + brilliant - File Upload Vulnerability http://ruinedsec.wordpress.com/2013/04/03/wordpress-themes-exploits-are-in-action-wpscan/ @@ -2014,26 +2052,6 @@ - - - Shotzz - Arbitrary File Upload Vulnerability - - http://1337day.com/exploit/19829 - - UPLOAD - - - - - - vithy - Arbitrary File Upload Vulnerability - - http://1337day.com/exploit/19830 - - UPLOAD - - - Kernel Theme - functions/upload-handler.php File Upload Remote Code Execution