garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Some vulns added

Browse Source
This commit is contained in:
erwanlr
2013-09-17 14:34:33 +01:00
parent 4a4df8e1c4
commit 95557ce095
2 changed files with 90 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
data/plugin_vulns.xml
View File

@@ -2794,6 +2794,15 @@
</references> </references>
<type>SQLI</type> <type>SQLI</type>
</vulnerability> </vulnerability>
<vulnerability>
<title>Privilege Escalation CSRF</title>
<references>
<osvdb>96905</osvdb>
<cve>2013-0736</cve>
<secunia>47687</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin> </plugin>
<plugin name="accept-signups"> <plugin name="accept-signups">
@@ -6494,4 +6503,43 @@
<fixed_in>1.3.8</fixed_in> <fixed_in>1.3.8</fixed_in>
</vulnerability> </vulnerability>
</plugin> </plugin>
<plugin name="design-approval-system">
<vulnerability>
<title>/admin/walkthrough/walkthrough.php step Parameter Reflected XSS</title>
<references>
<url>http://seclists.org/bugtraq/2013/Sep/54</url>
<cve>2013-5711</cve>
<osvdb>97279</osvdn>
</references>
<fixed_in>3.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="event-easy-calendar">
<vulnerability>
<title>Multiple Administrator Action CSRF</title>
<references>
<osvdb>97042</osvdb>
</references>
</vulnerability>
<vulnerability>
<title>Multiple Unspecified XSS</title>
<references>
<osvdb>97041</osvdb>
</references>
</vulnerability>
</plugin>
<plugin name="">
<vulnerability>
<title></title>
<references>
<url></url>
<cve></cve>
<osvdb></osvdb>
</references>
<fixed_in></fixed_in>
</vulnerability>
</plugin>
</vulnerabilities> </vulnerabilities>

43
data/wp_vulns.xml
View File

@@ -10,10 +10,51 @@
<url>http://vagosec.org/2013/09/wordpress-php-object-injection/</url> <url>http://vagosec.org/2013/09/wordpress-php-object-injection/</url>
<url>http://www.openwall.com/lists/oss-security/2013/09/12/1</url> <url>http://www.openwall.com/lists/oss-security/2013/09/12/1</url>
<url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340</url> <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340</url>
<cve>2013-4340</cve> <url>http://core.trac.wordpress.org/changeset/25325</url>
<secunia>54803</secunia>
<cve>2013-4338</cve>
<osvdb>97211</osvdb>
</references> </references>
<type>UNKNOWN</type> <type>UNKNOWN</type>
</vulnerability> </vulnerability>
<vulnerability>
<title>wp-includes/functions.php get_allowed_mime_types Function SWF / EXE File Upload XSS Weakness</title>
<references>
<osvdb>97210</osvdb>
<cve>2013-5739</cve>
<url>http://core.trac.wordpress.org/changeset/25322</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title>
<references>
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<url>http://core.trac.wordpress.org/changeset/25323</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-admin/includes/post.php user_ID Parameter Manipulation Post Authorship Spoofing</title>
<references>
<osvdb>97213</osvdb>
<cve>2013-4340</cve>
<secunia>54803</secunia>
<url>http://core.trac.wordpress.org/changeset/25321</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>wp-includes/functions.php get_allowed_mime_types Function HTML File Upload XSS Weakness</title>
<references>
<osvdb>97214</osvdb>
<cve>2013-5738</cve>
<url>http://core.trac.wordpress.org/changeset/25322</url>
</references>
<type>XSS</type>
</vulnerability>
</wordpress> </wordpress>
<wordpress version="3.5.2"> <wordpress version="3.5.2">