added the first secunia advisories

Christian Mehlmauer
2013-01-26 14:12:13 +01:00
parent 4e99c704d6
commit 91ce223b2b
2 changed files with 154 additions and 6 deletions


@@ -71,7 +71,12 @@
<plugin name="fs-real-estate-plugin">
<vulnerability>
<title>FireStorm Professional Real Estate Plugin Multiple SQL Injection</title>
<title>WordPress FireStorm Professional Real Estate Plugin &lt; 2.06.04 "id" SQL Injection Vulnerability</title>
<reference>http://secunia.com/advisories/51107/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>FireStorm Professional Real Estate Plugin &lt; 2.06.03 Multiple SQL Injection</title>
<reference>http://secunia.com/advisories/50873/</reference>
<reference>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</reference>
<type>SQLI</type>
@@ -88,7 +93,7 @@
<plugin name="all-video-gallery">
<vulnerability>
<title>All Video Gallery </title>
<title>Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/50874/</reference>
<reference>http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/</reference>
<type>SQLI</type>
@@ -131,9 +136,10 @@
<plugin name="google-document-embedder">
<vulnerability>
<title>Google Document Embedder Arbitrary File Disclosure</title>
<title>Google Document Embedder &lt; 2.5.4 Arbitrary File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/23970/</reference>
<reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</reference>
<reference>http://secunia.com/advisories/50832/</reference>
<metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
<type>UNKNOWN</type>
</vulnerability>
@@ -216,8 +222,9 @@
<plugin name="levelfourstorefront">
<vulnerability>
<title>Shopping Cart 8.1.14 Shell Upload / SQL Injection</title>
<title>Shopping Cart &lt;, 8.1.15 Shell Upload / SQL Injection</title>
<reference>http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt</reference>
<reference>http://secunia.com/advisories/51690/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
@@ -250,6 +257,7 @@
<vulnerability>
<title>Advanced Custom Fields &lt;= 3.5.1 Remote File Inclusion</title>
<reference>http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt</reference>
<reference>http://secunia.com/advisories/51037/</reference>
<metasploit>exploit/unix/webapp/wp_advanced_custom_fields_exec</metasploit>
<type>RFI</type>
</vulnerability>
@@ -408,6 +416,7 @@
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<reference>http://secunia.com/advisories/51224/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -440,6 +449,7 @@
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<reference>http://secunia.com/advisories/51250/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -555,8 +565,10 @@
<plugin name="cardoza-ajax-search">
<vulnerability>
<title>Ajax Post Search 1.1 Sql Injection</title>
<title>Ajax Post Search &lt; 1.3 Sql Injection</title>
<reference>http://seclists.org/bugtraq/2012/Nov/33</reference>
<reference>http://secunia.com/advisories/51205/</reference>
<reference>http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
@@ -573,6 +585,7 @@
<vulnerability>
<title>Catalog HTML Code Injection and Cross-site scripting</title>
<reference>http://packetstormsecurity.org/files/117820/wpcatalog-xss.txt</reference>
<reference>http://secunia.com/advisories/51143/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
@@ -591,6 +604,11 @@
<reference>http://www.waraxe.us/advisory-92.html</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities</title>
<reference>http://secunia.com/advisories/51135/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="social-discussions">
@@ -1085,6 +1103,7 @@ File Upload Vulnerability</title>
<vulnerability>
<title>FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection</title>
<reference>http://packetstormsecurity.org/files/117768</reference>
<reference>http://secunia.com/advisories/51109/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
@@ -1175,6 +1194,11 @@ File Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/112693/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Pretty Link Lite &lt;= 1.6.1 Cross Site Scripting</title>
<reference>http://secunia.com/advisories/50980/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="newsletter-manager">
@@ -1769,6 +1793,11 @@ File Upload Vulnerability</title>
</plugin>
<plugin name="flash-album-gallery">
<vulnerability>
<title>WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities</title>
<reference>http://secunia.com/advisories/51100/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
@@ -1979,6 +2008,7 @@ File Upload Vulnerability</title>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<reference>http://secunia.com/advisories/51271/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
@@ -2619,6 +2649,11 @@ File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17808/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress WP-Filebase Plugin &lt; 0.2.9.25 Unspecified Vulnerabilities</title>
<reference>http://secunia.com/advisories/51269/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="a-to-z-category-listing">
@@ -2929,6 +2964,11 @@ File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17983/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus &lt;= 4.8.12 Cross-Site Scripting</title>
<reference>http://secunia.com/advisories/51679/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus &lt; 4.9.1 Full Path Disclosure</title>
<reference>http://1337day.com/exploit/20125</reference>
@@ -2939,6 +2979,11 @@ File Upload Vulnerability</title>
<reference>http://secunia.com/advisories/51829/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus &lt; 4.9.3 XSS</title>
<reference>http://secunia.com/advisories/51669/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="backwpup">
@@ -2958,6 +3003,7 @@ File Upload Vulnerability</title>
<vulnerability>
<title>portable-phpMyAdmin &lt; 1.3.1 Authentication Bypass</title>
<reference>http://www.exploit-db.com/exploits/23356</reference>
<reference>http://secunia.com/advisories/51520/</reference>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
@@ -3060,6 +3106,11 @@ File Upload Vulnerability</title>
<reference>http://seclists.org/bugtraq/2013/Jan/86</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress Poll Plugin &lt; 33.6 Multiple SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/50910/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="devformatter">
@@ -3096,5 +3147,94 @@ File Upload Vulnerability</title>
</vulnerability>
</plugin>
<plugin name="usc-e-shop">
<vulnerability>
<title>WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities</title>
<reference>http://secunia.com/advisories/51581/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="knews">
<vulnerability>
<title>WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/51543/</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="video-lead-form">
<vulnerability>
<title>WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/51419/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="woocommerce-predictive-search">
<vulnerability>
<title>WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/51385/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce-predictive-search">
<vulnerability>
<title>WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/51384/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-tiger">
<vulnerability>
<title>WordPress vTiger CRM Lead Capture Plugin &lt; 1.1.0 Unspecified Vulnerability</title>
<reference>http://secunia.com/advisories/51305/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wp-postviews">
<vulnerability>
<title>WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/50982/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dx-contribute">
<vulnerability>
<title>WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/51082/</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wysija-newsletters">
<vulnerability>
<title>WordPress Wysija Newsletters Plugin &lt; 2.1.7 swfupload Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/51249/</reference>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="hitasoft_player">
<vulnerability>
<title>WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability</title>
<reference>http://secunia.com/advisories/51179/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="spider-calendar">
<vulnerability>
<title>WordPress Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/50981/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
</vulnerabilities>
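Review bot: The rewritten levelfourstorefront title in the `@@ -216,8 +222,9 @@` hunk reads `Shopping Cart &lt;, 8.1.15 Shell Upload / SQL Injection`; the comma after `&lt;` looks like a typo and breaks the `&lt; X.Y.Z` form the other titles use, so it should presumably be `<title>Shopping Cart &lt; 8.1.15 Shell Upload / SQL Injection</title>`. In the `@@ -3096,5 +3147,94 @@` hunk the new entry filed under `<plugin name="wp-postviews">` has a title naming the "post-views" plugin; if those are two different plugins, findings would be attributed to the wrong slug, so the name is worth confirming against the advisory. Several added entries (usc-e-shop, knews, dx-contribute, hitasoft_player, spider-calendar, and clockstone in the themes file) state no affected or fixed version, so a reader cannot tell whether a patched install is still covered. Where the advisory gives a version, carry it in the title in the same `&lt; X.Y.Z` form.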


@@ -1186,4 +1186,12 @@
</vulnerability>
</theme>
<theme name="clockstone">
<vulnerability>
<title>WordPress Clockstone Theme upload.php Arbitrary File Upload Vulnerability</title>
<reference>http://secunia.com/advisories/51619/</reference>
<type>UPLOAD</type>
</vulnerability>
</theme>
</vulnerabilities>