From 93951197493d9a2fcaf32925105fc286e80e73ec Mon Sep 17 00:00:00 2001
From: Peter <vanderlaan.pm@gmail.com>
Date: Mon, 3 Feb 2014 13:55:18 +0100
Subject: [PATCH] Update vuln db

---
 data/plugin_vulns.xml |  15 +++++-
 data/wp_vulns.xml     | 103 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 116 insertions(+), 2 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index ecb0c90b..c25b5894 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -208,9 +208,13 @@
 
   <plugin name="fs-real-estate-plugin">
     <vulnerability>
-      <title>FireStorm Professional Real Estate - "id" SQL Injection Vulnerability</title>
+      <title>FireStorm Professional Real Estate 2.06.01 - xml/marker_listings.php id Parameter SQL Injection</title>
       <references>
+        <osvdb>86686</osvdb>
         <secunia>51107</secunia>
+        <exploitdb>22071</exploitdb>
+        <url>http://packetstormsecurity.com/files/118232/</url>
+        <url>http://xforce.iss.net/xforce/xfdb/80261</url>
       </references>
       <type>SQLI</type>
       <fixed_in>2.06.04</fixed_in>
@@ -9745,6 +9749,15 @@
   </plugin>
 
   <plugin name="contact-form-7">
+    <vulnerability>
+      <title>Contact Form 7 3.5.2 - Crafted File Extension Upload Remote Code Execution</title>
+      <references>
+        <osvdb>102776</osvdb>
+        <url>http://seclists.org/fulldisclosure/2014/Feb/0</url>
+      </references>
+      <type>RCE</type>
+      <fixed_in>3.5.3</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>Contact Form 7 3.5.2 - File Upload Remote Code Execution</title>
       <references>
diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index 9f535723..c9b705c5 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -3,7 +3,24 @@
 <vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:noNamespaceSchemaLocation="vuln.xsd">
 
+  <wordpress version="3.8.1">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </wordpress>
+
   <wordpress version="3.8">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>wp-admin/options-writing.php Cleartext Admin Credentials Disclosure</title>
       <references>
@@ -15,6 +32,13 @@
   </wordpress>
 
   <wordpress version="3.7.1">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>wp-admin/options-writing.php Cleartext Admin Credentials Disclosure</title>
       <references>
@@ -26,6 +50,13 @@
   </wordpress>
 
   <wordpress version="3.6">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>PHP Object Injection</title>
       <references>
@@ -113,6 +144,13 @@
   </wordpress>
 
   <wordpress version="3.5.2">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Media Library Multiple Function Path Disclosure</title>
       <references>
@@ -132,6 +170,13 @@
   </wordpress>
 
   <wordpress version="3.5.1">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
       <references>
@@ -205,6 +250,13 @@
   </wordpress>
 
   <wordpress version="3.5">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
       <references>
@@ -248,6 +300,13 @@
   </wordpress>
 
   <wordpress version="3.4.2">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
       <references>
@@ -298,6 +357,13 @@
   </wordpress>
 
   <wordpress version="3.4.1">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
       <references>
@@ -341,6 +407,13 @@
   </wordpress>
 
   <wordpress version="3.4">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
       <references>
@@ -384,6 +457,13 @@
   </wordpress>
 
   <wordpress version="3.4-beta4">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
       <references>
@@ -415,6 +495,13 @@
   </wordpress>
 
   <wordpress version="3.3.3">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
       <references>
@@ -439,6 +526,13 @@
   </wordpress>
 
   <wordpress version="3.3.2">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
       <references>
@@ -477,6 +571,13 @@
   </wordpress>
 
   <wordpress version="3.3.1">
+    <vulnerability>
+      <title>WordPress 3.3.1-3.8.1 - Media Manager Description Field Stored XSS</title>
+      <references>
+        <osvdb>102763</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Multiple vulnerabilities including XSS and Privilege Escalation</title>
       <references>
@@ -485,7 +586,7 @@
       <type>MULTI</type>
     </vulnerability>
     <vulnerability>
-      <title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
+      <title>Wordpress 3.3.1 - Multiple CSRF Vulnerabilities</title>
       <references>
         <exploitdb>18791</exploitdb>
       </references>