Update plugin_vulns.xml

2013-11-14 20:59:14 +01:00
parent 629ebf5ff2
commit 92e265ecc9
1 changed files with 135 additions and 0 deletions
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -1785,6 +1785,141 @@
      </references>
      <type>MULTI</type>
    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - documenthandler.php prefix Parameter SQL Injection</title>
+      <references>
+        <osvdb>86804</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79698</url>
+      </references>
+      <type>SQLI</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - foxypress-manage-emails.php id Parameter SQL Injection</title>
+      <references>
+        <osvdb>86805</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79697</url>
+      </references>
+      <type>SQLI</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - inventory-category.php Multiple Parameter SQL Injection</title>
+      <references>
+        <osvdb>86806</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79697</url>
+      </references>
+      <type>SQLI</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - reports.php Multiple Parameter XSS</title>
+      <references>
+        <osvdb>86807</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79699</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - foxypress-affiliate.php aff_id Parameter XSS</title>
+      <references>
+        <osvdb>86808</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79699</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - affiliate-management.php Multiple Parameter SQL Injection</title>
+      <references>
+        <osvdb>86809</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79697</url>
+      </references>
+      <type>SQLI</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - foxypress-manage-emails.php id Parameter XSS</title>
+      <references>
+        <osvdb>86810</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79699</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - order-management.php status Parameter XSS</title>
+      <references>
+        <osvdb>86811</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79699</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - affiliate-management.php page Parameter XSS</title>
+      <references>
+        <osvdb>86812</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79699</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - foxypress-affiliate.php url Parameter Arbitrary Site Redirect</title>
+      <references>
+        <osvdb>86813</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79700</url>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - Multiple CSV File Direct Request Information Disclosure</title>
+      <references>
+        <osvdb>86814</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79701</url>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - ajax.php Access Restriction Multiple Command Execution</title>
+      <references>
+        <osvdb>86815</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79703</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - Multiple Script Direct Request Path Disclosure</title>
+      <references>
+        <osvdb>86816</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79704</url>
+      </references>
+      <type>FPD</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - Multiple Object Deletion CSRF</title>
+      <references>
+        <osvdb>86817</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79702</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+    <vulnerability>
+      <title>FoxyPress 0.4.2.5 - documenthandler.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>86818</osvdb>
+        <exploitdb>22374</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/79697</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
  </plugin>

  <plugin name="track-that-stat">