Merge pull request #365 from pvdl/vulns

Update WordPress Vulnerabilities
erwanlr
2013-11-12 12:36:48 -08:00


@@ -493,6 +493,14 @@
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Uploader 1.0.4 - notify.php blog Parameter XSS</title>
<references>
<osvdb>90840</osvdb>
<secunia>52465</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xerte-online">
@@ -583,6 +591,14 @@
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Blaze Slideshow 2.1 - Unspecified Security Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/52677</url>
</references>
<type>UNKNOWN</type>
<fixed_in>2.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="comment-extra-field">
@@ -1484,6 +1500,7 @@
<title>PICA Photo Gallery 1.0 - Remote File Disclosure</title>
<references>
<exploitdb>19016</exploitdb>
<url>http://www.securityfocus.com/bid/53893</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
@@ -1710,6 +1727,14 @@
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>WP Marketplace 1.2.1 - File Enumeration Weakness and File Upload Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/52960</url>
</references>
<type>UPLOAD</type>
<fixed_in>1.2.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="store-locator-le">
@@ -1951,7 +1976,7 @@
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LeagueManager v3.8 - SQL Injection</title>
<title>LeagueManager 3.8 - SQL Injection</title>
<references>
<exploitdb>24789</exploitdb>
<cve>2013-1852</cve>
@@ -2430,6 +2455,22 @@
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day 3.2.3 - notes.php Malformed Requests Remote DoS</title>
<references>
<osvdb>90833</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Mar/43</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Count Per Day 3.2.3 - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>90832</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Mar/43</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Count Per Day 3.2.3 - Cross Site Scripting</title>
<references>
@@ -2441,8 +2482,10 @@
<title>Count Per Day 3.1.1 - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/114787/</url>
<url>http://www.securityfocus.com/bid/54258</url>
</references>
<type>XSS</type>
<fixed_in>3.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Count Per Day &lt;= 3.1.1 - Multiple Vulnerabilities</title>
@@ -2699,16 +2742,20 @@
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Symposium - &quot;u&quot; XSS</title>
<title>WP Symposium 13.02 - wp-symposium/invite.php u Parameter XSS</title>
<references>
<osvdb>92275</osvdb>
<cve>2013-2695</cve>
<secunia>52864</secunia>
</references>
<type>XSS</type>
<fixed_in>13.04</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium - &quot;u&quot; Redirection Weakness</title>
<title>WP Symposium 13.02 - invite.php u Parameter Arbitrary Site Redirect</title>
<references>
<osvdb>92274</osvdb>
<cve>2013-2694</cve>
<secunia>52925</secunia>
</references>
<type>REDIRECT</type>
@@ -4633,16 +4680,21 @@
<plugin name="ripe-hd-player">
<vulnerability>
<title>ripe-hd-player 1.0 - SQL Injection</title>
<title>ripe-hd-player 1.0 - ripe-hd-player/config.php id Parameter SQL Injection</title>
<references>
<osvdb>89437</osvdb>
<exploitdb>24229</exploitdb>
<url>http://xforce.iss.net/xforce/xfdb/81415</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>ripe-hd-player 1.0 - Full Path Disclosure</title>
<title>ripe-hd-player 1.0 - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>89438</osvdb>
<exploitdb>24229</exploitdb>
<url>http://www.securityfocus.com/bid/57473</url>
<url>http://xforce.iss.net/xforce/xfdb/81414</url>
</references>
<type>FPD</type>
</vulnerability>
@@ -4808,6 +4860,33 @@
<type>XSS</type>
<fixed_in>5.3.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.5 - wp-admin/admin-ajax.php dbem_phone Parameter XSS</title>
<references>
<osvdb>90913</osvdb>
<secunia>52475</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.5 - index.php event_owner_name Parameter XSS</title>
<references>
<osvdb>90914</osvdb>
<secunia>52475</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.5 - wp-admin/post.php Multiple Parameter XSS</title>
<references>
<osvdb>90915</osvdb>
<secunia>52475</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.8 - Multiple XSS Vulnerabilities</title>
<references>
@@ -5531,9 +5610,19 @@
<plugin name="contact-form-plugin">
<vulnerability>
<title>Contact Form - XSS</title>
<title>Contact Form 3.34 - contact_form.php cntctfrm_contact_message Parameter XSS</title>
<references>
<osvdb>90502</osvdb>
<secunia>52179</secunia>
</references>
<type>XSS</type>
<fixed_in>3.35</fixed_in>
</vulnerability>
<vulnerability>
<title>Contact Form 3.36 - contact_form.php cntctfrm_contact_email Parameter XSS</title>
<references>
<osvdb>90503</osvdb>
<secunia>52250</secunia>
</references>
<type>XSS</type>
</vulnerability>
@@ -5584,9 +5673,11 @@
<plugin name="responsive-logo-slideshow">
<vulnerability>
<title>Responsive Logo Slideshow - Cross Site Scripting</title>
<title>Responsive Logo Slideshow - URL and Image Field XSS</title>
<references>
<osvdb>90406</osvdb>
<url>http://packetstormsecurity.com/files/120379/</url>
<url>http://seclists.org/bugtraq/2013/Feb/84</url>
</references>
<type>XSS</type>
</vulnerability>
@@ -6138,7 +6229,7 @@
<plugin name="social-media-widget">
<vulnerability>
<title>social-media-widget - malicious code</title>
<title>Social Media Widget - malicious code</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</url>
<url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</url>
@@ -6146,6 +6237,17 @@
<type>UNKNOWN</type>
<fixed_in>4.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection</title>
<references>
<osvdb>92312</osvdb>
<cve>2013-1949</cve>
<secunia>53020</secunia>
<url>http://seclists.org/oss-sec/2013/q2/10</url>
</references>
<type>UNKNOWN</type>
<fixed_in>4.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="facebook-members">
@@ -6240,8 +6342,9 @@
<plugin name="top-10">
<vulnerability>
<title>top-10 - CSRF</title>
<title>top-10 1.9.2 - Setting Manipulation CSRF</title>
<references>
<osvdb>92849</osvdb>
<secunia>53205</secunia>
</references>
<type>CSRF</type>
@@ -6374,8 +6477,9 @@
<plugin name="contextual-related-posts">
<vulnerability>
<title>Contextual Related Posts - Cross-Site Request Forgery Vulnerability</title>
<title>Contextual Related Posts 1.8.6 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>93088</osvdb>
<secunia>52960</secunia>
</references>
<type>CSRF</type>
@@ -6385,8 +6489,10 @@
<plugin name="calendar">
<vulnerability>
<title>Calendar - Cross-Site Request Forgery Vulnerability</title>
<title>Calendar 1.3.2 - Entry Addition CSRF</title>
<references>
<osvdb>93025</osvdb>
<cve>2013-2698</cve>
<secunia>52841</secunia>
</references>
<type>CSRF</type>
@@ -6396,8 +6502,11 @@
<plugin name="feedweb">
<vulnerability>
<title>Feedweb - 'wp_post_id' Parameter XSS</title>
<title>Feedweb 1.8.8 - widget_remove.php wp_post_id Parameter XSS</title>
<references>
<osvdb>91951</osvdb>
<cve>2013-3720</cve>
<secunia>52855</secunia>
<url>http://www.securityfocus.com/bid/58771</url>
</references>
<type>XSS</type>
@@ -6478,9 +6587,10 @@
<plugin name="xili-language">
<vulnerability>
<title>xili-language - XSS</title>
<title>xili-language - index.php lang Parameter XSS</title>
<references>
<url>http://wordpress.org/plugins/xili-language/changelog/</url>
<osvdb>93233</osvdb>
<secunia>53364</secunia>
</references>
<type>XSS</type>
<fixed_in>2.8.6</fixed_in>
@@ -6504,6 +6614,14 @@
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress SEO 1.4.6 - Reset Settings Feature Access Restriction Bypass</title>
<references>
<osvdb>92147</osvdb>
<secunia>52949</secunia>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="underconstruction">
@@ -7157,6 +7275,14 @@
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LBG Zoominoutslider - add_banner.php Unspecified XSS</title>
<references>
<osvdb>99320</osvdb>
<url>http://packetstormsecurity.com/files/123367/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure</title>
<references>
@@ -7963,4 +8089,34 @@
</vulnerability>
</plugin>
<plugin name="fcchat">
<vulnerability>
<title>FCChat 2.2.11-2.2.13 - Upload.php Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/53855</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="another-wordpress-classifieds-plugin">
<vulnerability>
<title>Another WordPress Classifieds - Unspecified Image Upload Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/52861</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="picturesurf-gallery">
<vulnerability>
<title>Picturesurf Gallery 1.2 - upload.php Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/53894</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
</vulnerabilities>
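Review bot: Several of the newly added entries carry no `<fixed_in>` even where a sibling entry for the same plugin has one — the Contact Form 3.36 cntctfrm_contact_email XSS sits directly under the 3.34 entry that gains `<fixed_in>3.35</fixed_in>`, and the Count Per Day 3.2.3 DoS and path-disclosure entries, the Uploader 1.0.4 XSS, the PICA, FCChat and Picturesurf upload entries likewise have none. If, as the element's use elsewhere in this file suggests, an absent `<fixed_in>` makes the scanner report the issue against every version of the plugin, these entries will raise false positives on patched installs; where the referenced OSVDB/Secunia/BID advisory names a fixed release, add `<fixed_in>…</fixed_in>` with that version, and where no fix is known leave the element out deliberately rather than by omission. Separately, the script path in titles is written inconsistently within this change — `wp-symposium/invite.php` on one WP Symposium entry, bare `invite.php` on the next, `ripe-hd-player/config.php` on the SQLi entry — pick one form (the plugin-relative path is the more useful one for a tester reproducing the issue) and apply it to all three.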