new secunia advisories added

Christian Mehlmauer
2013-01-27 23:49:27 +01:00
parent b092be316f
commit 7ef1b1d39a
3 changed files with 180 additions and 36 deletions


@@ -25,7 +25,9 @@
<vulnerability>
<title>Crayon Syntax Highlighter Remote File Inclusion</title>
<reference>http://secunia.com/advisories/50804/</reference>
<reference>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/</reference>
<reference>
http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
</reference>
<type>RFI</type>
</vulnerability>
</plugin>
@@ -78,7 +80,9 @@
<vulnerability>
<title>FireStorm Professional Real Estate Plugin &lt; 2.06.03 Multiple SQL Injection</title>
<reference>http://secunia.com/advisories/50873/</reference>
<reference>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</reference>
<reference>
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
@@ -120,7 +124,8 @@
<vulnerability>
<title>Floating Social Media Links Remote File Inclusion</title>
<reference>http://secunia.com/advisories/51346/</reference>
<reference>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/</reference>
<reference>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/
</reference>
<type>RFI</type>
</vulnerability>
</plugin>
@@ -138,7 +143,8 @@
<vulnerability>
<title>Google Document Embedder &lt; 2.5.4 Arbitrary File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/23970/</reference>
<reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</reference>
<reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
</reference>
<reference>http://secunia.com/advisories/50832/</reference>
<metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
<type>UNKNOWN</type>
@@ -172,7 +178,8 @@
<plugin name="contest/OpenInviter">
<vulnerability>
<title>OpenInviter Information Disclosure</title>
<reference>http://packetstormsecurity.com/files/119265/WordPress-OpenInviter-Information-Disclosure.html</reference>
<reference>http://packetstormsecurity.com/files/119265/WordPress-OpenInviter-Information-Disclosure.html
</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
@@ -279,7 +286,9 @@
</vulnerability>
<vulnerability>
<title>WordPress plugin Asset manager upload.php Arbitrary Code Execution</title>
<reference>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</reference>
<reference>
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
@@ -452,6 +461,11 @@
<reference>http://secunia.com/advisories/51250/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Carousel Slideshow Plugin &lt; 3.10 Unspecified Vulnerabilities</title>
<reference>http://secunia.com/advisories/50377/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wp-dreamworkgallery">
@@ -500,6 +514,11 @@
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Image News slider Plugin &lt; 3.4 Unspecified Vulnerabilities</title>
<reference>http://secunia.com/advisories/50390/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wp-levoslideshow">
@@ -623,8 +642,10 @@
<plugin name="abtest">
<vulnerability>
<title>ABtest Directory Traversal </title>
<reference>http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110</reference>
<title>ABtest Directory Traversal</title>
<reference>
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
@@ -681,6 +702,7 @@
<vulnerability>
<title>SimpleMail 1.0.6 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/20361/</reference>
<reference>http://secunia.com/advisories/50208/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -689,6 +711,7 @@
<vulnerability>
<title>Postie 1.4.3 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/20360/</reference>
<reference>http://secunia.com/advisories/50207/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -697,6 +720,7 @@
<vulnerability>
<title>RSVPMaker v2.5.4 Persistent XSS</title>
<reference>http://www.exploit-db.com/exploits/20474/</reference>
<reference>http://secunia.com/advisories/50289/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -705,6 +729,7 @@
<vulnerability>
<title>Mz-jajak &lt;= 2.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/20416/</reference>
<reference>http://secunia.com/advisories/50217/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
@@ -727,8 +752,9 @@
<plugin name="backup">
<vulnerability>
<title>Backup Plugin 2.0.1 Information Disclosure</title>
<title>Backup Plugin &lt; 2.1 Information Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19524/</reference>
<reference>http://secunia.com/advisories/50038/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
@@ -800,7 +826,8 @@
<plugin name="videowhisper-video-conference-integration">
<vulnerability>
<title>VideoWhisper Video Conference
4.51 Arbitrary File Upload Vulnerability</title>
4.51 Arbitrary File Upload Vulnerability
</title>
<reference>http://packetstormsecurity.org/files/113580/</reference>
<type>UPLOAD</type>
</vulnerability>
@@ -809,7 +836,8 @@
<plugin name="auctionplugin">
<vulnerability>
<title>Auctions Plugin 2.0.1.3 Arbitrary
File Upload Vulnerability</title>
File Upload Vulnerability
</title>
<reference>http://packetstormsecurity.org/files/113568/</reference>
<type>UPLOAD</type>
</vulnerability>
@@ -858,7 +886,8 @@ File Upload Vulnerability</title>
<plugin name="contus-video-galleryversion-10">
<vulnerability>
<title>Contus Video Gallery 1.3 Arbitrary
File Upload Vulnerability</title>
File Upload Vulnerability
</title>
<reference>http://packetstormsecurity.org/files/113571/</reference>
<type>UPLOAD</type>
</vulnerability>
@@ -872,7 +901,8 @@ File Upload Vulnerability</title>
</vulnerability>
<vulnerability>
<title>Contus HD FLV Player 1.7 Arbitrary
File Upload Vulnerability</title>
File Upload Vulnerability
</title>
<reference>http://packetstormsecurity.org/files/113570/</reference>
<type>UPLOAD</type>
</vulnerability>
@@ -932,6 +962,11 @@ File Upload Vulnerability</title>
<reference>http://secunia.com/advisories/49923/</reference>
<type>AUTHBYPASS</type>
</vulnerability>
<vulnerability>
<title>WordPress Mac Photo Gallery Plugin &lt; 3.0 Multiple Script Insertion Vulnerabilities</title>
<reference>http://secunia.com/advisories/49836/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Mac Photo Gallery 2.7 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19056/</reference>
@@ -1104,7 +1139,9 @@ File Upload Vulnerability</title>
<plugin name="foxypress">
<vulnerability>
<title>Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload</title>
<reference>http://packetstormsecurity.org/files/113576/, http://www.exploit-db.com/exploits/18991/, http://www.exploit-db.com/exploits/19100/</reference>
<reference>http://packetstormsecurity.org/files/113576/, http://www.exploit-db.com/exploits/18991/,
http://www.exploit-db.com/exploits/19100/
</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
@@ -1228,6 +1265,7 @@ File Upload Vulnerability</title>
<vulnerability>
<title>LeagueManager &lt;= 3.7 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112698/</reference>
<reference>http://secunia.com/advisories/49949/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -1390,6 +1428,11 @@ File Upload Vulnerability</title>
</plugin>
<plugin name="zingiri-web-shop">
<vulnerability>
<title>WordPress Zingiri Web Shop Plugin &lt; 2.4.8 Cookie SQL Injection Vulnerability</title>
<reference>http://secunia.com/advisories/49398/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.4.0 Multiple XSS Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18787/</reference>
@@ -1597,7 +1640,7 @@ File Upload Vulnerability</title>
<plugin name="wp-recaptcha">
<vulnerability>
<title>Google reCAPTCHA &lt;= 3.1.3 Reflected XSS Vulnerability </title>
<title>Google reCAPTCHA &lt;= 3.1.3 Reflected XSS Vulnerability</title>
<reference>http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html</reference>
<type>XSS</type>
</vulnerability>
@@ -2947,13 +2990,18 @@ File Upload Vulnerability</title>
<plugin name="gd-star-rating">
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.10 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17973/</reference>
<type>SQLI</type>
<title>WordPress GD Star Rating Plugin &lt; 1.9.19 Export Security Bypass Security Issue</title>
<reference>http://secunia.com/advisories/49850/</reference>
<type>AUTHBYPASS</type>
</vulnerability>
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.16 Cross Site Scripting</title>
<reference>http://www.packetstormsecurity.org/files/112702</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.10 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17973/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
@@ -3364,5 +3412,102 @@ File Upload Vulnerability</title>
</vulnerability>
</plugin>
<plugin name="webplayer">
<vulnerability>
<title>WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/50466/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cloudsafe365-for-wp">
<vulnerability>
<title>WordPress Cloudsafe365 Plugin &lt; 1.47 Multiple Vulnerabilities</title>
<reference>http://secunia.com/advisories/50392/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="vitamin">
<vulnerability>
<title>WordPress Vitamin Plugin &lt; 1.1 Two Arbitrary File Disclosure Vulnerabilities</title>
<reference>http://secunia.com/advisories/50176/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="featured-post-with-thumbnail">
<vulnerability>
<title>WordPress Featured Post with thumbnail Plugin &lt; 1.5 Unspecified timthumb Vulnerability</title>
<reference>http://secunia.com/advisories/50161/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wp-effective-lead-management">
<vulnerability>
<title>WordPress WP Lead Management Plugin Script Insertion Vulnerabilities</title>
<reference>http://secunia.com/advisories/50166/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xve-various-embed">
<vulnerability>
<title>WordPress XVE Various Embed Plugin JW Player &lt; 1.0.4 Multiple Cross-Site Scripting Vulnerabilities
</title>
<reference>http://secunia.com/advisories/50173/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="g-lock-double-opt-in-manager">
<vulnerability>
<title>WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities</title>
<reference>http://secunia.com/advisories/50100/</reference>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="kau-boys-backend-localization">
<vulnerability>
<title>WordPress Backend Localization Plugin &lt; 2.0 Cross-Site Scripting Vulnerabilities</title>
<reference>http://secunia.com/advisories/50099/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="flexi-quote-rotator">
<vulnerability>
<title>WordPress Flexi Quote Rotator Plugin &lt; 0.9.2 Cross-Site Request Forgery and SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/49910/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="gotmls">
<vulnerability>
<title>WordPress Get Off Malicious Scripts &lt; 1.2.07.20 Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/50030/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cimy-user-extra-fields">
<vulnerability>
<title>WordPress Cimy User Extra Fields Plugin &lt; 2.3.9 Arbitrary File Upload Vulnerability</title>
<reference>http://secunia.com/advisories/49975/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="nmedia-user-file-uploader">
<vulnerability>
<title>WordPress Nmedia Users File Uploader Plugin &lt; 2.0 Arbitrary File Upload Vulnerability</title>
<reference>http://secunia.com/advisories/49996/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
</vulnerabilities>
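Review bot: The rewrapped `<reference>` and `<title>` elements in this file (Crayon, FireStorm, Floating Social Media Links, Google Document Embedder, OpenInviter, Asset manager, ABtest, and the multi-line upload titles) now carry line breaks and indentation inside their text content, so a consumer that does not trim the value will report a URL or title with embedded whitespace. Whether the loader normalizes whitespace is not visible on this page; if it does not, keep each value on one line, as in `<reference>http://secunia.com/advisories/50804/</reference>`. The Foxypress entry also still packs three comma-separated URLs into a single `<reference>`, which no URL parser will accept as one link. Splitting it into one element per URL would match every other entry: `<reference>http://packetstormsecurity.org/files/113576/</reference>`, `<reference>http://www.exploit-db.com/exploits/18991/</reference>`, `<reference>http://www.exploit-db.com/exploits/19100/</reference>`.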


@@ -90,5 +90,4 @@
</xs:unique>
</xs:element>
</xs:schema>