From 9d6e50c8e2c9964e1aabf8f95b4ab0619f0025bd Mon Sep 17 00:00:00 2001
From: Peter van der Laan
Date: Sat, 12 Oct 2013 21:11:04 +0200
Subject: [PATCH] Added OSVDB #98279, #98352, #98353, #98371
---
 data/plugin_vulns.xml | 107 +++++++++++++++++++++++++-----------------
 1 file changed, 65 insertions(+), 42 deletions(-)
diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index a247733f..38f23238 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -3099,7 +3099,7 @@ - Image Manager Plugins Shell Upload Vulnerability + Image Manager - Shell Upload Vulnerability 10325
@@ -3205,7 +3205,7 @@ - Lytebox (wp-lytebox) Local File Inclusion Vulnerability + Lytebox - Local File Inclusion Vulnerability 8791
@@ -3270,7 +3270,7 @@ - Download (dl_id) SQL Injection Vulnerability + Download - (dl_id) SQL Injection Vulnerability 5326
@@ -3290,7 +3290,7 @@ - Photo album Remote SQL Injection Vulnerability + Photo album - Remote SQL Injection Vulnerability 5135
@@ -3317,14 +3317,14 @@ - st_newsletter Remote SQL Injection Vulnerability + st_newsletter - Remote SQL Injection Vulnerability 5053 SQLI - st_newsletter (stnl_iframe.php) SQL Injection Vuln + st_newsletter - (stnl_iframe.php) SQL Injection Vulnerability 6777
@@ -3334,7 +3334,7 @@ - Wordspew Remote SQL Injection Vulnerability + Wordspew - Remote SQL Injection Vulnerability 5039
@@ -3441,7 +3441,7 @@ - BackUp <= 0.4.2b RFI Vulnerability + BackUp <= 0.4.2b - RFI Vulnerability 4593
@@ -3679,7 +3679,7 @@ - yolink Search "s" Cross-Site Scripting Vulnerability + yolink Search - "s" Cross-Site Scripting Vulnerability 52030
@@ -3861,7 +3861,7 @@ - Eventify - Simple Events <= 1.7.f SQL Injection Vulnerability + Eventify - Simple Events <= 1.7.f - SQL Injection Vulnerability 17794
@@ -3898,7 +3898,7 @@ XSS - 1 Flash Gallery Arbiraty File Upload Exploit (MSF) + 1 Flash Gallery - Arbiraty File Upload Exploit (MSF) 17801 
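Review bot: The retitled entry on the new side of the `@@ -3898` hunk keeps the misspelling `Arbiraty`, so the title is rewritten but still wrong; since this line is being touched anyway, `1 Flash Gallery - Arbitrary File Upload Exploit (MSF)` would fix it in the same pass. The remaining hunks on this line only move the separator between plugin name and issue and raise nothing further.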
@@ -3915,7 +3915,7 @@ SQLI - WP-Filebase Unspecified Vulnerabilities + WP-Filebase - Unspecified Vulnerabilities 51269
@@ -4027,7 +4027,7 @@ RFI - Mailing List Arbitrary file download + Mailing List - Arbitrary file download 18276
@@ -4089,7 +4089,7 @@ UPLOAD - Category Grid View Gallery CatGridPost.php ID Parameter XSS + Category Grid View Gallery - CatGridPost.php ID Parameter XSS 94805
@@ -4347,7 +4347,7 @@ XSS - WP Photo Album Plus Full Path Disclosure + WP Photo Album Plus - Full Path Disclosure http://1337day.com/exploit/20125
@@ -4355,7 +4355,7 @@ 4.9.1 - WP Photo Album Plus index.php wppa-tag Parameter XSS + WP Photo Album Plus - index.php wppa-tag Parameter XSS 89165 51829
@@ -4364,7 +4364,7 @@ 4.9.3 - WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability + WP Photo Album Plus - "commentid" Cross-Site Scripting Vulnerability 93033 2013-3254
@@ -4374,7 +4374,7 @@ 5.0.3 - WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS + WP Photo Album Plus - wp-admin/admin.php edit_id Parameter XSS 94465 53915
@@ -4507,7 +4507,7 @@ - floating-tweets persistent - XSS + floating-tweets - persistent XSS http://packetstormsecurity.com/files/119499/ http://websecurity.com.ua/6023/
@@ -4515,7 +4515,7 @@ XSS - floating-tweets directory traversal + floating-tweets - directory traversal http://packetstormsecurity.com/files/119499/ http://websecurity.com.ua/6023/
@@ -4545,7 +4545,7 @@ 0.9.4 - Simple Login Log SQL Injection + Simple Login Log - SQL Injection 51780
@@ -4556,7 +4556,7 @@ - wp-slimstat XSS + wp-slimstat - XSS 51721
@@ -4578,7 +4578,7 @@ - browser-rejector Remote and Local File Inclusion + browser-rejector - Remote and Local File Inclusion 51739
@@ -4589,7 +4589,7 @@ - File Uploader PHP File Upload Vulnerability + File Uploader - PHP File Upload Vulnerability http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/ 
@@ -4599,7 +4599,7 @@ - Poll Cross-Site Request Forgery Vulnerability + Cardoza Wordpress poll - Cross-Site Request Forgery Vulnerability 51925
@@ -4607,7 +4607,7 @@ 34.06 - Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin + Cardoza Wordpress poll - Multiple SQL injection vulnerabilities 51942 http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html
@@ -4616,7 +4616,7 @@ SQLI - Poll Multiple SQL Injection Vulnerabilities + Cardoza Wordpress poll - Multiple SQL Injection Vulnerabilities 50910
@@ -4627,7 +4627,7 @@ - Developer Formatter CSRF and XSS Vulnerability + Developer Formatter - CSRF and XSS Vulnerability http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt http://1337day.com/exploits/20210
@@ -4639,7 +4639,7 @@ - DVS Custom Notification Cross-Site Request Forgery Vulnerability + DVS Custom Notification - Cross-Site Request Forgery Vulnerability 51531
@@ -4694,7 +4694,7 @@ - Welcart e-Commerce Cross-Site Scripting and Request Forgery Vulnerabilities + Welcart e-Commerce - Cross-Site Scripting and Request Forgery Vulnerabilities 51581
@@ -4704,7 +4704,7 @@ - Knews Multilingual Newsletters Cross-Site Request Forgery Vulnerability + Knews - Multilingual Newsletters Cross-Site Request Forgery Vulnerability 51543
@@ -4714,7 +4714,7 @@ - Video Lead Form "errMsg" Cross-Site Scripting Vulnerability + Video Lead Form - "errMsg" Cross-Site Scripting Vulnerability 51419
@@ -4724,7 +4724,7 @@ - WooCommerce Predictive Search "rs" Cross-Site Scripting Vulnerability + WooCommerce Predictive Search - "rs" Cross-Site Scripting Vulnerability 51385
@@ -4734,7 +4734,7 @@ - WooCommerce index.php calc_shipping_state Parameter XSS + WooCommerce - index.php calc_shipping_state Parameter XSS 95480
@@ -4745,7 +4745,7 @@ - WP e-Commerce Predictive Search "rs" Cross-Site Scripting Vulnerability + WP e-Commerce Predictive Search - "rs" Cross-Site Scripting Vulnerability 51384 
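Review bot: The separator in the `@@ -4704` hunk is placed inside the plugin name: the removed line shows the plugin as "Knews Multilingual Newsletters", so the new title should read `Knews Multilingual Newsletters - Cross-Site Request Forgery Vulnerability` to follow the `plugin name - issue` pattern every other retitled entry in this patch uses. The `@@ -4755` hunk on the next line looks like the same slip (`vTiger - CRM Lead Capture Unspecified Vulnerability`), where the removed line suggests "vTiger CRM Lead Capture" is the full name; worth checking both before merging, since these titles are what the scanner reports to users.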
@@ -4755,7 +4755,7 @@ - vTiger CRM Lead Capture Unspecified Vulnerability + vTiger - CRM Lead Capture Unspecified Vulnerability 51305
@@ -4766,14 +4766,14 @@ - WP-PostViews "search_input" Cross-Site Scripting Vulnerability + WP-PostViews - "search_input" Cross-Site Scripting Vulnerability 50982 XSS - WP-PostViews Cross-Site Request Forgery Vulnerability + WP-PostViews - Cross-Site Request Forgery Vulnerability 53127
@@ -4784,7 +4784,7 @@ - DX-Contribute Cross-Site Request Forgery Vulnerability + DX-Contribute - Cross-Site Request Forgery Vulnerability 51082
@@ -4794,7 +4794,7 @@ - SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin + Wysija Newsletters - SQL Injection Vulnerability https://www.htbridge.com/advisory/HTB23140 http://packetstormsecurity.com/files/120089/
@@ -4805,7 +4805,7 @@ 2.2.1 - Wysija Newsletters swfupload Cross-Site Scripting Vulnerability + Wysija Newsletters - swfupload Cross-Site Scripting Vulnerability 51249 http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
@@ -6780,7 +6780,7 @@ - Simple Flickr Display Username Field Stored XSS + Simple Flickr Display - Username Field Stored XSS 97991
@@ -7036,6 +7036,7 @@ Quick Contact Form 6.0 - Persistent XSS + 98279 28808 http://packetstormsecurity.com/files/123549/ http://quick-plugins.com/quick-contact-form/
@@ -7167,6 +7168,7 @@ Simple Flash Video 1.7 - Cross Site Scripting + 98371 http://packetstormsecurity.com/files/123562/ XSS
@@ -7186,4 +7188,25 @@
+
+
+ Cart66 1.5.1.14 - admin.php cart66-products Page Product Manipulation CSRF
+
+ 98352
+ 2013-5977
+
+ CSRF
+ 1.5.1.15
+
+
+ Cart66 - admin.php cart66-products Page Multiple Field Stored XSS
+
+ 98353
+ 2013-5978
+
+ XSS
+ 1.5.1.15
+
+
+
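Review bot: The second Cart66 entry added in the `@@ -7186` hunk drops the affected version from its title while its sibling carries `Cart66 1.5.1.14 - admin.php cart66-products Page Product Manipulation CSRF`; both record the same fixed-in value 1.5.1.15 and the same admin page, so titling the XSS entry `Cart66 1.5.1.14 - admin.php cart66-products Page Multiple Field Stored XSS` keeps the pair parallel and matches the `Plugin version - issue` form the Quick Contact Form and Simple Flash Video entries in this file use. Neither new entry carries a reference URL, unlike the other entries this patch touches; if the OSVDB and CVE ids are the only sources that is acceptable, but a link to the originating advisory would make later triage of these two records easier.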