From ff9dd1c69d0ae1cc1b86ff9e75748c9691c3c51e Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 11 Oct 2013 16:16:52 +0200 Subject: [PATCH 1/2] Update plugin_vulns.xml --- data/plugin_vulns.xml | 118 +++++++++++++++++++++--------------------- 1 file changed, 58 insertions(+), 60 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 0d15a856..a247733f 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -204,7 +204,7 @@ - WP125 Multiple - XSS + WP125 - Multiple XSS 50976 @@ -253,7 +253,7 @@ - Floating Social Media Links Remote File Inclusion + Floating Social Media Links - Remote File Inclusion 51346 http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/ @@ -264,7 +264,7 @@ - Zingiri Forum Arbitrary File Disclosure + Zingiri Forum - Arbitrary File Disclosure 50833 http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/ @@ -293,7 +293,7 @@ - extended-user-profile Full Path Disclosure vulnerability + extended-user-profile - Full Path Disclosure vulnerability http://1337day.com/exploit/20118 @@ -303,7 +303,7 @@ - superslider-show Full Path Disclosure vulnerability + superslider-show - Full Path Disclosure vulnerability http://1337day.com/exploit/20117 @@ -323,7 +323,7 @@ - OpenInviter Information Disclosure + OpenInviter - Information Disclosure http://packetstormsecurity.com/files/119265/ @@ -333,7 +333,7 @@ - RokBox Multiple Vulnerabilities + RokBox - Multiple Vulnerabilities http://1337day.com/exploit/19981 @@ -395,7 +395,7 @@ - grou-random-image-widget Full Path Disclosure + grou-random-image-widget - Full Path Disclosure http://1337day.com/exploit/20047 @@ -405,14 +405,14 @@ - sintic_gallery Arbitrary File Upload Vulnerability + sintic_gallery - Arbitrary File Upload Vulnerability http://1337day.com/exploit/19993 UPLOAD - sintic_gallery Path Disclosure Vulnerability + sintic_gallery - Path Disclosure Vulnerability http://1337day.com/exploit/20020 @@ -422,7 +422,7 @@ - WP-UserOnline Full Path Disclosure + WP-UserOnline - Full Path Disclosure http://seclists.org/fulldisclosure/2010/Jul/8 @@ -439,7 +439,7 @@ - Shopping Cart Shell Upload / SQL Injection + Shopping Cart - Shell Upload, SQL Injection http://packetstormsecurity.com/files/119217/ 51690 @@ -502,7 +502,7 @@ - sitepress-multilingual-cms Full Path Disclosure + sitepress-multilingual-cms - Full Path Disclosure http://1337day.com/exploit/20067 @@ -649,7 +649,7 @@ - powerzoomer Arbitrary File Upload Vulnerability + powerzoomer - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20253 @@ -727,7 +727,7 @@ - wp-3dflick-slideshow Arbitrary File Upload Vulnerability + wp-3dflick-slideshow - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20255 @@ -813,7 +813,7 @@ - wp-homepage-slideshow Arbitrary File Upload Vulnerability + wp-homepage-slideshow - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20260 @@ -830,7 +830,7 @@ - wp-image-news-slider Arbitrary File Upload Vulnerability + wp-image-news-slider - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20259 @@ -855,7 +855,7 @@ - wp-levoslideshow Arbitrary File Upload Vulnerability + wp-levoslideshow - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20250 @@ -882,7 +882,7 @@ - wp-powerplaygallery Arbitrary File Upload Vulnerability + wp-powerplaygallery - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20252 @@ -899,7 +899,7 @@ - wp-royal-gallery Arbitrary File Upload Vulnerability + wp-royal-gallery - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20261 @@ -923,7 +923,7 @@ XSS - wp superb Slideshow Full Path Disclosure + wp superb Slideshow - Full Path Disclosure http://1337day.com/exploit/19979 @@ -953,7 +953,7 @@ - Ajax Post Search Sql Injection + Ajax - Post Search Sql Injection http://seclists.org/bugtraq/2012/Nov/33 51205 @@ -977,7 +977,7 @@ - Catalog HTML Code Injection and Cross-site scripting + Catalog - HTML Code Injection and Cross-site scripting http://packetstormsecurity.com/files/117820/ 51143 @@ -1021,7 +1021,7 @@ - Slideshow jQuery Image Gallery Multiple Vulnerabilities + Slideshow jQuery Image Gallery - Multiple Vulnerabilities http://www.waraxe.us/advisory-92.html @@ -1038,7 +1038,7 @@ - Social Discussions Multiple Vulnerabilities + Social Discussions - Multiple Vulnerabilities http://www.waraxe.us/advisory-93.html @@ -1048,7 +1048,7 @@ - ABtest Directory Traversal + ABtest - Directory Traversal http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110 @@ -1073,7 +1073,7 @@ - NextGen Cu3er Gallery Information Disclosure + NextGen Cu3er Gallery - Information Disclosure http://packetstormsecurity.com/files/116150/ @@ -1083,7 +1083,7 @@ - Rich Widget File Upload + Rich Widget - File Upload http://packetstormsecurity.com/files/115787/ @@ -1093,7 +1093,7 @@ - Monsters Editor Shell Upload + Monsters Editor - Shell Upload http://packetstormsecurity.com/files/115788/ @@ -1145,7 +1145,7 @@ - RSVPMaker v2.5.4 - Persistent XSS + RSVPMaker 2.5.4 - Persistent XSS 20474 50289 @@ -1167,7 +1167,7 @@ - Resume Submissions Job Posting v2.5.1 - Unrestricted File Upload + Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload http://packetstormsecurity.com/files/114716/ @@ -1177,7 +1177,7 @@ - WP-Predict v1.0 - Blind SQL Injection + WP-Predict 1.0 - Blind SQL Injection 19715 @@ -1200,7 +1200,7 @@ - MoodThingy Widget v0.8.7 - Blind SQL Injection + MoodThingy Widget 0.8.7 - Blind SQL Injection 19572 @@ -1210,7 +1210,7 @@ - Paid Business Listings v1.0.2 - Blind SQL Injection + Paid Business Listings 1.0.2 - Blind SQL Injection 19481 @@ -1297,7 +1297,7 @@ - Auctions - 2.0.1.3 - Arbitrary + <title>Auctions 2.0.1.3 - Arbitrary File Upload Vulnerability @@ -1359,9 +1359,7 @@ - Contus Video Gallery 1.3 - Arbitrary - File Upload Vulnerability - + Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113571/ @@ -1485,7 +1483,7 @@ - Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability + Custom Content Type Manager 0.9.5.13pl - Arbitrary File Upload Vulnerability 19058 @@ -1522,7 +1520,7 @@ UPLOAD - Front End Upload v0.5.4 - Arbitrary PHP File Upload + Front End Upload 0.5.4 - Arbitrary PHP File Upload 20083 @@ -1659,14 +1657,14 @@ - Google Maps via Store Locator Multiple Vulnerabilities + Google Maps via Store Locator - Multiple Vulnerabilities 18989 MULTI - store-locator-le SQL Injection + store-locator-le - SQL Injection 51757 @@ -1698,7 +1696,7 @@ UPLOAD - FoxyPress 0.4.2.5 - XSS / CSRF / SQL Injection + FoxyPress 0.4.2.5 - XSS, CSRF, SQL Injection http://packetstormsecurity.com/files/117768/ 51109 @@ -2197,7 +2195,7 @@ - XSS vulnerability in CMS Tree Page View Plugin + CMS Tree Page View - XSS vulnerability https://www.htbridge.com/advisory/HTB23083 @@ -2483,7 +2481,7 @@ - Click Desk Live Support Chat Cross Site Scripting Vulnerability + Click Desk Live Support Chat - Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/148 @@ -2609,7 +2607,7 @@ SQLI - WP Symposium "u" XSS + WP Symposium - "u" XSS 52864 @@ -2617,7 +2615,7 @@ 13.04 - WP Symposium "u" Redirection Weakness + WP Symposium - "u" Redirection Weakness 52925 @@ -2647,7 +2645,7 @@ - Beer Recipes v.1.0 - XSS + Beer Recipes 1.0 - XSS 17453 @@ -2667,7 +2665,7 @@ - EditorMonkey (FCKeditor) Arbitrary File Upload + EditorMonkey - (FCKeditor) Arbitrary File Upload 17284 @@ -2888,7 +2886,7 @@ - User Photo Component Remote File Upload Vulnerability + User Photo - Component Remote File Upload Vulnerability 16181 71071 @@ -2900,7 +2898,7 @@ - Enable Media Replace Multiple Vulnerabilities + Enable Media Replace - Multiple Vulnerabilities 16144 @@ -2967,7 +2965,7 @@ - Events Manager Extended Persistent XSS Vulnerability + Events Manager Extended - Persistent XSS Vulnerability 14923 @@ -2994,7 +2992,7 @@ - myLDlinker SQL Injection Vulnerability + myLDlinker - SQL Injection Vulnerability 14441 @@ -3004,7 +3002,7 @@ - Firestats Remote Configuration File Download + Firestats - Remote Configuration File Download 14308 @@ -3014,7 +3012,7 @@ - Simple:Press SQL Injection Vulnerability + Simple Press - SQL Injection Vulnerability 14198 @@ -3043,7 +3041,7 @@ 1.9.8 - XSS in NextGEN Gallery <= 1.5.1 + NextGEN Gallery <= 1.5.1 - XSS Vulnerability 12098 @@ -3071,7 +3069,7 @@ - Copperleaf Photolog SQL injection + Copperleaf Photolog - SQL injection 11458 @@ -3081,7 +3079,7 @@ - Events SQL Injection Vulnerability + Events Calendar - SQL Injection Vulnerability 10929 95677 @@ -3090,7 +3088,7 @@ 6.7.10 - WP Events Calendar wp-admin/admin.php EC_id Parameter XSS + Events Calendar - wp-admin/admin.php EC_id Parameter XSS 74705 @@ -3118,7 +3116,7 @@ MULTI - WP-Cumulus Cross Site Scripting Vulnerabily + WP-Cumulus - Cross Site Scripting Vulnerabily http://seclists.org/fulldisclosure/2011/Nov/340 From 9d6e50c8e2c9964e1aabf8f95b4ab0619f0025bd Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Sat, 12 Oct 2013 21:11:04 +0200 Subject: [PATCH 2/2] Added OSVDB #98279, #98352, #98353, #98371 --- data/plugin_vulns.xml | 107 +++++++++++++++++++++++++----------------- 1 file changed, 65 insertions(+), 42 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index a247733f..38f23238 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -3099,7 +3099,7 @@ - Image Manager Plugins Shell Upload Vulnerability + Image Manager - Shell Upload Vulnerability 10325 @@ -3205,7 +3205,7 @@ - Lytebox (wp-lytebox) Local File Inclusion Vulnerability + Lytebox - Local File Inclusion Vulnerability 8791 @@ -3270,7 +3270,7 @@ - Download (dl_id) SQL Injection Vulnerability + Download - (dl_id) SQL Injection Vulnerability 5326 @@ -3290,7 +3290,7 @@ - Photo album Remote SQL Injection Vulnerability + Photo album - Remote SQL Injection Vulnerability 5135 @@ -3317,14 +3317,14 @@ - st_newsletter Remote SQL Injection Vulnerability + st_newsletter - Remote SQL Injection Vulnerability 5053 SQLI - st_newsletter (stnl_iframe.php) SQL Injection Vuln + st_newsletter - (stnl_iframe.php) SQL Injection Vulnerability 6777 @@ -3334,7 +3334,7 @@ - Wordspew Remote SQL Injection Vulnerability + Wordspew - Remote SQL Injection Vulnerability 5039 @@ -3441,7 +3441,7 @@ - BackUp <= 0.4.2b RFI Vulnerability + BackUp <= 0.4.2b - RFI Vulnerability 4593 @@ -3679,7 +3679,7 @@ - yolink Search "s" Cross-Site Scripting Vulnerability + yolink Search - "s" Cross-Site Scripting Vulnerability 52030 @@ -3861,7 +3861,7 @@ - Eventify - Simple Events <= 1.7.f SQL Injection Vulnerability + Eventify - Simple Events <= 1.7.f - SQL Injection Vulnerability 17794 @@ -3898,7 +3898,7 @@ XSS - 1 Flash Gallery Arbiraty File Upload Exploit (MSF) + 1 Flash Gallery - Arbiraty File Upload Exploit (MSF) 17801 @@ -3915,7 +3915,7 @@ SQLI - WP-Filebase Unspecified Vulnerabilities + WP-Filebase - Unspecified Vulnerabilities 51269 @@ -4027,7 +4027,7 @@ RFI - Mailing List Arbitrary file download + Mailing List - Arbitrary file download 18276 @@ -4089,7 +4089,7 @@ UPLOAD - Category Grid View Gallery CatGridPost.php ID Parameter XSS + Category Grid View Gallery - CatGridPost.php ID Parameter XSS 94805 @@ -4347,7 +4347,7 @@ XSS - WP Photo Album Plus Full Path Disclosure + WP Photo Album Plus - Full Path Disclosure http://1337day.com/exploit/20125 @@ -4355,7 +4355,7 @@ 4.9.1 - WP Photo Album Plus index.php wppa-tag Parameter XSS + WP Photo Album Plus - index.php wppa-tag Parameter XSS 89165 51829 @@ -4364,7 +4364,7 @@ 4.9.3 - WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability + WP Photo Album Plus - "commentid" Cross-Site Scripting Vulnerability 93033 2013-3254 @@ -4374,7 +4374,7 @@ 5.0.3 - WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS + WP Photo Album Plus - wp-admin/admin.php edit_id Parameter XSS 94465 53915 @@ -4507,7 +4507,7 @@ - floating-tweets persistent - XSS + floating-tweets - persistent XSS http://packetstormsecurity.com/files/119499/ http://websecurity.com.ua/6023/ @@ -4515,7 +4515,7 @@ XSS - floating-tweets directory traversal + floating-tweets - directory traversal http://packetstormsecurity.com/files/119499/ http://websecurity.com.ua/6023/ @@ -4545,7 +4545,7 @@ 0.9.4 - Simple Login Log SQL Injection + Simple Login Log - SQL Injection 51780 @@ -4556,7 +4556,7 @@ - wp-slimstat XSS + wp-slimstat - XSS 51721 @@ -4578,7 +4578,7 @@ - browser-rejector Remote and Local File Inclusion + browser-rejector - Remote and Local File Inclusion 51739 @@ -4589,7 +4589,7 @@ - File Uploader PHP File Upload Vulnerability + File Uploader - PHP File Upload Vulnerability http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/ @@ -4599,7 +4599,7 @@ - Poll Cross-Site Request Forgery Vulnerability + Cardoza Wordpress poll - Cross-Site Request Forgery Vulnerability 51925 @@ -4607,7 +4607,7 @@ 34.06 - Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin + Cardoza Wordpress poll - Multiple SQL injection vulnerabilities 51942 http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html @@ -4616,7 +4616,7 @@ SQLI - Poll Multiple SQL Injection Vulnerabilities + Cardoza Wordpress poll - Multiple SQL Injection Vulnerabilities 50910 @@ -4627,7 +4627,7 @@ - Developer Formatter CSRF and XSS Vulnerability + Developer Formatter - CSRF and XSS Vulnerability http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt http://1337day.com/exploits/20210 @@ -4639,7 +4639,7 @@ - DVS Custom Notification Cross-Site Request Forgery Vulnerability + DVS Custom Notification - Cross-Site Request Forgery Vulnerability 51531 @@ -4694,7 +4694,7 @@ - Welcart e-Commerce Cross-Site Scripting and Request Forgery Vulnerabilities + Welcart e-Commerce - Cross-Site Scripting and Request Forgery Vulnerabilities 51581 @@ -4704,7 +4704,7 @@ - Knews Multilingual Newsletters Cross-Site Request Forgery Vulnerability + Knews - Multilingual Newsletters Cross-Site Request Forgery Vulnerability 51543 @@ -4714,7 +4714,7 @@ - Video Lead Form "errMsg" Cross-Site Scripting Vulnerability + Video Lead Form - "errMsg" Cross-Site Scripting Vulnerability 51419 @@ -4724,7 +4724,7 @@ - WooCommerce Predictive Search "rs" Cross-Site Scripting Vulnerability + WooCommerce Predictive Search - "rs" Cross-Site Scripting Vulnerability 51385 @@ -4734,7 +4734,7 @@ - WooCommerce index.php calc_shipping_state Parameter XSS + WooCommerce - index.php calc_shipping_state Parameter XSS 95480 @@ -4745,7 +4745,7 @@ - WP e-Commerce Predictive Search "rs" Cross-Site Scripting Vulnerability + WP e-Commerce Predictive Search - "rs" Cross-Site Scripting Vulnerability 51384 @@ -4755,7 +4755,7 @@ - vTiger CRM Lead Capture Unspecified Vulnerability + vTiger - CRM Lead Capture Unspecified Vulnerability 51305 @@ -4766,14 +4766,14 @@ - WP-PostViews "search_input" Cross-Site Scripting Vulnerability + WP-PostViews - "search_input" Cross-Site Scripting Vulnerability 50982 XSS - WP-PostViews Cross-Site Request Forgery Vulnerability + WP-PostViews - Cross-Site Request Forgery Vulnerability 53127 @@ -4784,7 +4784,7 @@ - DX-Contribute Cross-Site Request Forgery Vulnerability + DX-Contribute - Cross-Site Request Forgery Vulnerability 51082 @@ -4794,7 +4794,7 @@ - SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin + Wysija Newsletters - SQL Injection Vulnerability https://www.htbridge.com/advisory/HTB23140 http://packetstormsecurity.com/files/120089/ @@ -4805,7 +4805,7 @@ 2.2.1 - Wysija Newsletters swfupload Cross-Site Scripting Vulnerability + Wysija Newsletters - swfupload Cross-Site Scripting Vulnerability 51249 http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html @@ -6780,7 +6780,7 @@ - Simple Flickr Display Username Field Stored XSS + Simple Flickr Display - Username Field Stored XSS 97991 @@ -7036,6 +7036,7 @@ Quick Contact Form 6.0 - Persistent XSS + 98279 28808 http://packetstormsecurity.com/files/123549/ http://quick-plugins.com/quick-contact-form/ @@ -7167,6 +7168,7 @@ Simple Flash Video 1.7 - Cross Site Scripting + 98371 http://packetstormsecurity.com/files/123562/ XSS @@ -7186,4 +7188,25 @@ + + + Cart66 1.5.1.14 - admin.php cart66-products Page Product Manipulation CSRF + + 98352 + 2013-5977 + + CSRF + 1.5.1.15 + + + Cart66 - admin.php cart66-products Page Multiple Field Stored XSS + + 98353 + 2013-5978 + + XSS + 1.5.1.15 + + +