From 16ba490f3f883bc1f32d08401927ab1dd2f073e4 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 5 Nov 2013 09:07:32 +0100
Subject: [PATCH 1/5] Added OSVDB #99339, #99340, #99341

---
 data/plugin_vulns.xml | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index ad75c218..0a5db73b 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7080,7 +7080,7 @@
 
   <plugin name="lbg_zoominoutslider">
     <vulnerability>
-      <title>LBG Zoominoutslider - XSS Vulnerability</title>
+      <title>LBG Zoominoutslider - add_banner.php name Parameter Stored XSS</title>
       <references>
         <osvdb>97887</osvdb>
         <secunia>54983</secunia>
@@ -7088,6 +7088,30 @@
       </references>
       <type>XSS</type>
     </vulnerability>
+    <vulnerability>
+      <title>LBG Zoominoutslider - settings_form.php Multiple Parameter Stored XSS</title>
+      <references>
+        <osvdb>99339</osvdb>
+        <url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>LBG Zoominoutslider - add_playlist_record.php Multiple Parameter Stored XSS</title>
+      <references>
+        <osvdb>99340</osvdb>
+        <url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure</title>
+      <references>
+        <osvdb>99341</osvdb>
+        <url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
+      </references>
+      <type>FPD</type>
+    </vulnerability>
   </plugin>
 
   <plugin name="woopra">
@@ -7820,5 +7844,4 @@
     </vulnerability>
   </plugin>
 
-
 </vulnerabilities>

From 529660e622bc9fdcad1ae6292f0e61732c681e79 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 5 Nov 2013 09:32:08 +0100
Subject: [PATCH 2/5] Update theme_vulns.xml

---
 data/theme_vulns.xml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 4cf4030a..3b6e583d 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1897,4 +1897,24 @@
     </vulnerability>
   </theme>
 
+  <theme name="ThisWay">
+    <vulnerability>
+      <title>ThisWay - remote shell upload vulnerability</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/123895/</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="ThinkResponsive">
+    <vulnerability>
+      <title>Think Responsive 1.0 - Arbitrary shell upload vulnerability</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/123880/</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
+  </theme>
+
 </vulnerabilities>

From 99181a3bd98048e8c6d310b8336854ff14e3f0df Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 5 Nov 2013 09:52:33 +0100
Subject: [PATCH 3/5] Added OSVDB #90432, #90433, #90434

---
 data/plugin_vulns.xml | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 0a5db73b..d6278bc5 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -3020,11 +3020,34 @@
       <type>MULTI</type>
     </vulnerability>
     <vulnerability>
-      <title>Mingle Forum 1.0.33.3 - Multiple Parameter SQL Injection</title>
+      <title>Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Parameter XSS</title>
+      <references>
+        <osvdb>90432</osvdb>
+        <cve>2013-0734</cve>
+        <secunia>52167</secunia>
+      </references>
+      <type>XSS</type>
+      <fixed_in>1.0.34</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Mingle Forum 1.0.33.3 - wpf.class.php search_words Parameter XSS</title>
+      <references>
+        <osvdb>90433</osvdb>
+        <cve>2013-0734</cve>
+        <secunia>52167</secunia>
+      </references>
+      <type>XSS</type>
+      <fixed_in>1.0.34</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter SQL Injection</title>
       <references>
         <osvdb>90434</osvdb>
+        <cve>2013-0735</cve>
+        <secunia>52167</secunia>
       </references>
       <type>SQLI</type>
+      <fixed_in>1.0.34</fixed_in>
     </vulnerability>
     <vulnerability>
       <title>Mingle Forum 1.0.35 - Privilege Escalation CSRF</title>

From 17fec7a16106fe605e958c419622e892c189b51e Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 5 Nov 2013 11:31:42 +0100
Subject: [PATCH 4/5] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index d6278bc5..71114a2f 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -593,11 +593,12 @@
 
   <plugin name="comment-extra-field">
     <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
+      <title>Comment Extra Field 1.7 - CSRF / XSS</title>
       <references>
+        <url>http://packetstormsecurity.com/files/122625/</url>
         <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
       </references>
-      <type>XSS</type>
+      <type>MULTI</type>
     </vulnerability>
   </plugin>
 
@@ -5883,8 +5884,10 @@
 
   <plugin name="terillion-reviews">
     <vulnerability>
-      <title>Terillion Reviews - Cross Site Scripting</title>
+      <title>Terillion Reviews - Profile Id Field XSS</title>
       <references>
+        <osvdb>91123</osvdb>
+        <cve>2013-1201</cve>
         <url>http://packetstormsecurity.com/files/120730/</url>
       </references>
       <type>XSS</type>
@@ -6702,6 +6705,7 @@
     <vulnerability>
       <title>Xorbin Digital Flash Clock 1.0 - Flash-based XSS</title>
       <references>
+        <url>http://packetstormsecurity.com/files/122223/</url>
         <url>http://advisory.prakharprasad.com/xorbin_dfc_wp.txt</url>
         <cve>2013-4693</cve>
       </references>
@@ -6779,6 +6783,7 @@
       <references>
         <osvdb>95557</osvdb>
         <exploitdb>26804</exploitdb>
+        <url>http://packetstormsecurity.com/files/122396/</url>
       </references>
       <type>RFI</type>
     </vulnerability>
@@ -7253,8 +7258,10 @@
     <vulnerability>
       <title>Booking Calendar 4.1.4 - CSRF Vulnerability</title>
       <references>
-        <exploitdb>27399</exploitdb>
         <osvdb>96088</osvdb>
+        <exploitdb>27399</exploitdb>
+        <secunia>54461</secunia>
+        <url>http://packetstormsecurity.com/files/122691/</url>
         <url>http://wpbookingcalendar.com/</url>
       </references>
       <type>CSRF</type>
@@ -7280,10 +7287,12 @@
       <references>
         <osvdb>98279</osvdb>
         <exploitdb>28808</exploitdb>
+        <secunia>55172</secunia>
         <url>http://packetstormsecurity.com/files/123549/</url>
         <url>http://quick-plugins.com/quick-contact-form/</url>
       </references>
       <type>XSS</type>
+      <fixed_in>6.1</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -7616,6 +7625,7 @@
       <title>Feed - news_dt.php nid Parameter SQL Injection</title>
       <references>
         <osvdb>94804</osvdb>
+        <url>http://packetstormsecurity.com/files/122260/</url>
       </references>
       <type>SQLI</type>
     </vulnerability>
@@ -7772,6 +7782,7 @@
         <osvdb>98831</osvdb>
         <cve>2013-6281</cve>
         <secunia>55396</secunia>
+        <url>http://packetstormsecurity.com/files/123699/</url>
         <url>http://www.securityfocus.com/bid/63256</url>
       </references>
       <type>XSS</type>

From 71b821a653f4a5bae1b8b74d81b06250da7f24b0 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 5 Nov 2013 12:05:44 +0100
Subject: [PATCH 5/5] Added OSVDB #87817

---
 data/plugin_vulns.xml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 71114a2f..d06857ee 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7878,4 +7878,18 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="timeline">
+    <vulnerability>
+      <title>Facebook Survey Pro - timeline/index.php id Parameter SQL Injection</title>
+      <references>
+        <secunia>87817</secunia>
+        <exploitdb>22853</exploitdb>
+        <url>http://packetstormsecurity.com/files/118238/</url>
+        <url>http://www.securityfocus.com/bid/56595</url>
+        <url>http://xforce.iss.net/xforce/xfdb/80141</url>
+      </references>
+      <type>SQLI</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>