Merge pull request #345 from pvdl/master

Update WordPress Vulnerabilities
erwanlr
2013-10-29 03:54:37 -07:00
3 changed files with 105 additions and 0 deletions


@@ -4547,6 +4547,10 @@
<vulnerability>
<title>W3 Total Cache - Username and Hash Extract</title>
<references>
<osvdb>92742</osvdb>
<osvdb>92741</osvdb>
<cve>2012-6079</cve>
<cve>2012-6078</cve>
<url>http://seclists.org/fulldisclosure/2012/Dec/242</url>
<url>https://github.com/FireFart/W3TotalCacheExploit</url>
<metasploit>auxiliary/gather/wp_w3_total_cache_hash_extract</metasploit>
@@ -7712,4 +7716,72 @@
</vulnerability>
</plugin>
<plugin name="dhtmlxspreadsheet">
<vulnerability>
<title>Spreadsheet - /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS</title>
<references>
<osvdb>98831</osvdb>
<cve>2013-6281</cve>
<secunia>55396</secunia>
<url>http://www.securityfocus.com/bid/63256</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="tweet-blender">
<vulnerability>
<title>Tweet Blender 4.0.1 - Unspecified XSS</title>
<references>
<osvdb>98978</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sb-uploader">
<vulnerability>
<title>WordPress SB Uploader 3.9 - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/119159/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="connections">
<vulnerability>
<title>Connections &lt;= 0.7.1.5 - Unspecified Security Vulnerability</title>
<references>
<cve>2011-5254</cve>
<url>http://www.securityfocus.com/bid/51204</url>
</references>
<type>XSS</type>
<fixed_in>0.7.1.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="gallery-bank">
<vulnerability>
<title>Gallery Bank 2.0.19 - Multiple Unspecified XSS</title>
<references>
<osvdb>99045</osvdb>
<secunia>55443</secunia>
<url>http://www.securityfocus.com/bid/63382</url>
</references>
<type>XSS</type>
<fixed_in>2.0.20</fixed_in>
</vulnerability>
<vulnerability>
<title>Gallery Bank 2.0.19 - Multiple Unspecified Issues</title>
<references>
<osvdb>99046</osvdb>
<secunia>55443</secunia>
<url>http://www.securityfocus.com/bid/63382</url>
</references>
<type>UNKNOWN</type>
<fixed_in>2.0.20</fixed_in>
</vulnerability>
</plugin>
</vulnerabilities>
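Review bot: The Connections entry contradicts itself: the title says versions `<= 0.7.1.5` are affected, while `<fixed_in>0.7.1.5</fixed_in>` names that same version as the fix, so a consumer that compares the installed version against `fixed_in` would presumably report 0.7.1.5 as not vulnerable. One of the two should change, either the title to `Connections &lt; 0.7.1.5 - ...` or `fixed_in` to the first release after 0.7.1.5; the referenced advisory should settle which. The same entry is titled "Unspecified Security Vulnerability" but typed `XSS`; if the class is not actually known, `<type>UNKNOWN</type>`, as used for the second Gallery Bank entry, would be consistent. The +/- markers are lost on this page, so this assumes the entry is on the added side, which the 0 deletions and the hunk header suggest.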


@@ -1854,4 +1854,36 @@
</vulnerability>
</theme>
<theme name="simpledark">
<vulnerability>
<title>SimpleDark 1.2.10 - 's' Parameter Cross Site Scripting Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/46615</url>
</references>
<type>XSS</type>
</vulnerability>
</theme>
<theme name="geoplaces4">
<vulnerability>
<title>GeoPlaces - File Upload Handling Remote Command Execution</title>
<references>
<osvdb>98975</osvdb>
<url>http://packetstormsecurity.com/files/123773/</url>
</references>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="curvo">
<vulnerability>
<title>Curvo - wp-content/themes/curvo/functions/upload-handler.php File Upload CSRF</title>
<references>
<osvdb>99043</osvdb>
<url>http://packetstormsecurity.com/files/123799/</url>
</references>
<type>CSRF</type>
</vulnerability>
</theme>
</vulnerabilities>


@@ -587,6 +587,7 @@
<title>Wordpress &lt;= 3.1.2 Clickjacking Vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2011/Sep/219</url>
<url>http://www.securityfocus.com/bid/49730</url>
</references>
<type>UNKNOWN</type>
</vulnerability>