From e3bc50a163154c36298c5878ca936bb05b73af2b Mon Sep 17 00:00:00 2001
From: erwanlr <erwanlr@users.noreply.github.com>
Date: Tue, 27 May 2014 14:55:42 +0200
Subject: [PATCH 1/4] Fixes #487

---
 data/plugin_vulns.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 1651ce0b..a64f194c 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -10500,7 +10500,7 @@
       <fixed_in>3.7.2</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>Contact Form 7 3.5.3 - Crafted File Extension Upload Remote Code Execution</title>
+      <title>Contact Form 7 &amp; Old WP Versions - Crafted File Extension Upload Remote Code Execution</title>
       <references>
         <osvdb>102776</osvdb>
         <url>http://packetstormsecurity.com/files/125018/</url>

From 47d8818028f0d6852304f7cab775bb29fa95420a Mon Sep 17 00:00:00 2001
From: Peter <vanderlaan.pm@gmail.com>
Date: Wed, 28 May 2014 11:18:58 +0200
Subject: [PATCH 2/4] Update vuln db

---
 data/plugin_vulns.xml | 67 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index a64f194c..d68c8534 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -12727,4 +12727,71 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="cool-video-gallery">
+    <vulnerability>
+     <title>Cool Video Gallery 1.8 - admin/gallery-details.php Multiple Actions CSRF</title>
+      <references>
+        <osvdb>107354</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.9</fixed_in>
+    </vulnerability>
+    <vulnerability>
+     <title>Cool Video Gallery 1.8 - admin/gallery-manage.php Gallery Deletion CSRF</title>
+      <references>
+        <osvdb>107355</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.9</fixed_in>
+    </vulnerability>
+    <vulnerability>
+     <title>Cool Video Gallery 1.8 - admin/gallery-settings.php Gallery Settings Manipulation CSRF</title>
+      <references>
+        <osvdb>107356</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.9</fixed_in>
+    </vulnerability>
+    <vulnerability>
+     <title>Cool Video Gallery 1.8 - admin/gallery-sort.php Gallery Sort Order Manipulation CSRF</title>
+      <references>
+        <osvdb>107357</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.9</fixed_in>
+    </vulnerability>
+    <vulnerability>
+     <title>Cool Video Gallery 1.8 - admin/player-settings.php Player Settings Manipulation CSRF</title>
+      <references>
+        <osvdb>107358</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.9</fixed_in>
+    </vulnerability>
+    <vulnerability>
+     <title>Cool Video Gallery 1.8 - admin/plugin-uninstall.php Plugin Uninstallation CSRF</title>
+      <references>
+        <osvdb>107359</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.9</fixed_in>
+    </vulnerability>
+    <vulnerability>
+     <title>Cool Video Gallery 1.8 - admin/video-sitemap.php XML Video Sitemap Generation CSRF</title>
+      <references>
+        <osvdb>107360</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.9</fixed_in>
+    </vulnerability>
+    <vulnerability>
+     <title>Cool Video Gallery 1.8 - lib/core.php Multiple Actions CSRF</title>
+      <references>
+        <osvdb>107361</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.9</fixed_in>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

From 098b14884db49f6091b7044513c1a279eb5d8bb8 Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Thu, 29 May 2014 14:46:54 +0200
Subject: [PATCH 3/4] Fixes #491 - DZS Video Gallery Content Spoofing & XSS

---
 data/plugin_vulns.xml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index d68c8534..e7d5f141 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -10637,6 +10637,13 @@
       </references>
       <type>FPD</type>
     </vulnerability>
+    <vulnerability>
+      <title>DZS Video Gallery - Flash Files Content Spoofing &amp; Cross-Site Scripting</title>
+      <references>
+        <url>http://seclists.org/fulldisclosure/2014/May/157</url>
+      </references>
+      <type>MULTI</type>
+    </vulnerability>
   </plugin>
 
   <plugin name="askapache-firefox-adsense">
@@ -12306,7 +12313,7 @@
       <fixed_in>1.0.4</fixed_in>
     </vulnerability>
   </plugin>
-  
+
   <plugin name="wp-business-intelligence-lite">
     <vulnerability>
       <title>WP Business intelligence lite &lt;= 1.0.6 - Remote Code Execution Exploit</title>
@@ -12585,7 +12592,7 @@
       <fixed_in>1.2</fixed_in>
     </vulnerability>
   </plugin>
-  
+
   <plugin name="photo-gallery">
     <vulnerability>
       <title>Photo-Gallery - UploadHandler.php File Upload CSRF</title>

From c4b146b36b6ccdd5952b51696a3d30e5153ab861 Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Thu, 29 May 2014 14:53:42 +0200
Subject: [PATCH 4/4] Fixes #489 - Adds bib2html CVE

---
 data/plugin_vulns.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index e7d5f141..81fd4a8d 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -12715,6 +12715,7 @@
      <title>bib2html 0.9.3 - /OSBiB/create/index.php styleShortName Parameter XSS</title>
       <references>
         <osvdb>107296</osvdb>
+        <cve>2014-3870</cve>
         <url>http://packetstormsecurity.com/files/126782/</url>
         <url>http://www.securityfocus.com/bid/67589</url>
       </references>