From 91ce223b2b239bb5ce3b08adbd027469e6b6ddf4 Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Sat, 26 Jan 2013 14:12:13 +0100 Subject: [PATCH] added the first secunia advisories --- data/plugin_vulns.xml | 152 ++++++++++++++++++++++++++++++++++++++++-- data/theme_vulns.xml | 8 +++ 2 files changed, 154 insertions(+), 6 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 32b637ae..9926281f 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -71,7 +71,12 @@ - FireStorm Professional Real Estate Plugin Multiple SQL Injection + WordPress FireStorm Professional Real Estate Plugin < 2.06.04 "id" SQL Injection Vulnerability + http://secunia.com/advisories/51107/ + SQLI + + + FireStorm Professional Real Estate Plugin < 2.06.03 Multiple SQL Injection http://secunia.com/advisories/50873/ http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/ SQLI @@ -88,7 +93,7 @@ - All Video Gallery + Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities http://secunia.com/advisories/50874/ http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/ SQLI @@ -131,9 +136,10 @@ - Google Document Embedder Arbitrary File Disclosure + Google Document Embedder < 2.5.4 Arbitrary File Disclosure http://www.exploit-db.com/exploits/23970/ http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/ + http://secunia.com/advisories/50832/ exploit/unix/webapp/wp_google_document_embedder_exec UNKNOWN @@ -216,8 +222,9 @@ - Shopping Cart 8.1.14 Shell Upload / SQL Injection + Shopping Cart <, 8.1.15 Shell Upload / SQL Injection http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt + http://secunia.com/advisories/51690/ MULTI 
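Review bot: The rewritten All Video Gallery title spells the product as `Wordpress`, while every other title this commit adds writes `WordPress` (FireStorm, Welcart, Knews, Spider Calendar and the rest); titles are what consumers of this data file grep and display, so the spelling should be uniform. Change the added line to `WordPress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities`. The element markup of these entries is not visible in this rendering, so only the text content is reviewed here.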
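Review bot: The rewritten Shopping Cart title reads `Shopping Cart <, 8.1.15 Shell Upload / SQL Injection`; the comma after `<` looks like a typo, and because the affected-version range is carried in the title text it makes the range unreadable. Assuming the Secunia advisory 51690 added in the same hunk gives 8.1.15 as the fixed version, the line should be `Shopping Cart < 8.1.15 Shell Upload / SQL Injection`. The FireStorm entries in the first hunk of this file use that `< version` form, so this keeps the file consistent.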
@@ -250,6 +257,7 @@ Advanced Custom Fields <= 3.5.1 Remote File Inclusion http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt + http://secunia.com/advisories/51037/ exploit/unix/webapp/wp_advanced_custom_fields_exec RFI @@ -408,6 +416,7 @@ SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + http://secunia.com/advisories/51224/ XSS @@ -440,6 +449,7 @@ SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + http://secunia.com/advisories/51250/ XSS @@ -555,8 +565,10 @@ - Ajax Post Search 1.1 Sql Injection + Ajax Post Search < 1.3 Sql Injection http://seclists.org/bugtraq/2012/Nov/33 + http://secunia.com/advisories/51205/ + http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html SQLI @@ -573,6 +585,7 @@ Catalog HTML Code Injection and Cross-site scripting http://packetstormsecurity.org/files/117820/wpcatalog-xss.txt + http://secunia.com/advisories/51143/ MULTI @@ -587,10 +600,15 @@ - Slideshow jQuery Image Gallery Multiple Vulnerabilities + Slideshow jQuery Image Gallery Multiple Vulnerabilities http://www.waraxe.us/advisory-92.html MULTI + + WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities + http://secunia.com/advisories/51135/ + XSS + @@ -1085,6 +1103,7 @@ File Upload Vulnerability FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection http://packetstormsecurity.org/files/117768 + http://secunia.com/advisories/51109/ MULTI @@ -1175,6 +1194,11 @@ File Upload Vulnerability http://packetstormsecurity.org/files/112693/ XSS + + Pretty Link Lite <= 1.6.1 Cross Site Scripting + http://secunia.com/advisories/50980/ + XSS + 
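Review bot: In the Slideshow jQuery Image Gallery hunk the removed and added title lines render identically, so whatever differs (presumably whitespace or a non-printing character) cannot be checked here; if that edit was unintentional it should be dropped so the diff is limited to the advisory additions. The new `WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities` entry (Secunia 51135, type XSS) is placed directly after the existing `Multiple Vulnerabilities` entry for what appears to be the same plugin; if the Secunia advisory covers the same issues as the waraxe advisory already referenced, adding `http://secunia.com/advisories/51135/` as a second reference on the existing entry would avoid a duplicate record. Neither title states an affected-version range, which is what would let a reader tell the two apart.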
@@ -1769,6 +1793,11 @@ File Upload Vulnerability + + WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities + http://secunia.com/advisories/51100/ + MULTI + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html @@ -1979,6 +2008,7 @@ File Upload Vulnerability SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + http://secunia.com/advisories/51271/ XSS @@ -2619,6 +2649,11 @@ File Upload Vulnerability http://www.exploit-db.com/exploits/17808/ SQLI + + WordPress WP-Filebase Plugin < 0.2.9.25 Unspecified Vulnerabilities + http://secunia.com/advisories/51269/ + UNKNOWN + @@ -2929,6 +2964,11 @@ File Upload Vulnerability http://www.exploit-db.com/exploits/17983/ SQLI + + WP Photo Album Plus <= 4.8.12 Cross-Site Scripting + http://secunia.com/advisories/51679/ + XSS + WP Photo Album Plus < 4.9.1 Full Path Disclosure http://1337day.com/exploit/20125 @@ -2939,6 +2979,11 @@ File Upload Vulnerability http://secunia.com/advisories/51829/ XSS + + WP Photo Album Plus < 4.9.3 XSS + http://secunia.com/advisories/51669/ + XSS + @@ -2958,6 +3003,7 @@ File Upload Vulnerability portable-phpMyAdmin < 1.3.1 Authentication Bypass http://www.exploit-db.com/exploits/23356 + http://secunia.com/advisories/51520/ AUTHBYPASS @@ -3060,6 +3106,11 @@ File Upload Vulnerability http://seclists.org/bugtraq/2013/Jan/86 SQLI + + WordPress Poll Plugin < 33.6 Multiple SQL Injection Vulnerabilities + http://secunia.com/advisories/50910/ + SQLI + 
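Review bot: The two new WP Photo Album Plus XSS entries describe the same class of issue with different wording — `<= 4.8.12 Cross-Site Scripting` in the hunk at -2929 and `< 4.9.3 XSS` in the following hunk at -2939 — while the neighbouring existing entry uses `< 4.9.1 Full Path Disclosure`. Since the affected-version range lives only in the title text, mixing `<=` and `<` across adjacent entries is easy to misread when matching a detected plugin version against the database. I would use the `< fixed-version` form used elsewhere in this commit where Secunia 51679 names the fixed version (otherwise keep `<=` as it is), and write `Cross-Site Scripting` in both titles so they read the same way as the other XSS entries added here.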
@@ -3096,5 +3147,94 @@ File Upload Vulnerability + + + WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities + http://secunia.com/advisories/51581/ + MULTI + + + + + + WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability + http://secunia.com/advisories/51543/ + CSRF + + + + + + WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability + http://secunia.com/advisories/51419/ + XSS + + + + + + WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability + http://secunia.com/advisories/51385/ + XSS + + + + + + WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability + http://secunia.com/advisories/51384/ + XSS + + + + + + WordPress vTiger CRM Lead Capture Plugin < 1.1.0 Unspecified Vulnerability + http://secunia.com/advisories/51305/ + UNKNOWN + + + + + + WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability + http://secunia.com/advisories/50982/ + XSS + + + + + + WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability + http://secunia.com/advisories/51082/ + CSRF + + + + + + WordPress Wysija Newsletters Plugin < 2.1.7 swfupload Cross-Site Scripting Vulnerability + http://secunia.com/advisories/51249/ + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + + WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability + http://secunia.com/advisories/51179/ + SQLI + + + + + + WordPress Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability + http://secunia.com/advisories/50981/ + XSS + + + diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml index 4cf2e2ba..4852838f 100644 --- a/data/theme_vulns.xml +++ b/data/theme_vulns.xml @@ -1186,4 +1186,12 @@ + + + WordPress Clockstone Theme upload.php Arbitrary File Upload Vulnerability + http://secunia.com/advisories/51619/ + UPLOAD + + +