From a4dfb05d0c8ee17eeb294c6935a0b09b2d01c190 Mon Sep 17 00:00:00 2001
From: Peter <vanderlaan.pm@gmail.com>
Date: Tue, 8 Apr 2014 09:04:52 +0200
Subject: [PATCH] Update vuln db

---
 data/plugin_vulns.xml | 32 +++++++++++++++++++++++++++++---
 data/theme_vulns.xml  | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+), 3 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index ca25eb06..577fbb76 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -10446,6 +10446,7 @@
       <title>JS MultiHotel 2.2.1 - includes/show_image.php file Parameter Remote File Inclusion DoS</title>
       <references>
         <osvdb>105185</osvdb>
+        <url>http://packetstormsecurity.com/files/125959/</url>
         <url>http://seclists.org/fulldisclosure/2014/Mar/428</url>
       </references>
       <type>RFI</type>
@@ -10454,6 +10455,7 @@
       <title>JS MultiHotel 2.2.1 - includes/delete_img.php path Parameter Reflected XSS</title>
       <references>
         <osvdb>105186</osvdb>
+        <url>http://packetstormsecurity.com/files/125959/</url>
         <url>http://seclists.org/fulldisclosure/2014/Mar/428</url>
         <url>http://www.securityfocus.com/bid/66529</url>
       </references>
@@ -10463,6 +10465,7 @@
       <title>JS MultiHotel 2.2.1 - Multiple Script Direct Request Path Disclosure</title>
       <references>
         <osvdb>105187</osvdb>
+        <url>http://packetstormsecurity.com/files/125959/</url>
         <url>http://seclists.org/fulldisclosure/2014/Mar/428</url>
       </references>
       <type>FPD</type>
@@ -10477,7 +10480,7 @@
       <type>FPD</type>
     </vulnerability>
     <vulnerability>
-      <title>Js-Multi-Hotel 2.2.1 - refreshDate.php roomid Parameter Reflected XSS</title>
+      <title>JS MultiHotel 2.2.1 - refreshDate.php roomid Parameter Reflected XSS</title>
       <references>
         <osvdb>100575</osvdb>
         <secunia>55919</secunia>
@@ -11542,6 +11545,7 @@
       <title>Media File Renamer v1.7.0 - Persistent XSS</title>
       <references>
         <cve>2014-2040</cve>
+        <url>http://packetstormsecurity.com/files/125378/</url>
         <url>http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/</url>
       </references>
       <type>XSS</type>
@@ -11576,6 +11580,7 @@
       <references>
         <osvdb>103831</osvdb>
         <secunia>57203</secunia>
+        <url>http://packetstormsecurity.com/files/125421/</url>
       </references>
       <type>XSS</type>
     </vulnerability>
@@ -11712,6 +11717,7 @@
       <references>
         <cve>2014-2340</cve>
         <osvdb>104402</osvdb>
+        <url>http://packetstormsecurity.com/files/125991/</url>
         <url>https://www.htbridge.com/advisory/HTB23206</url>
       </references>
       <type>CSRF</type>
@@ -12137,9 +12143,9 @@
   
   <plugin name="wp-business-intelligence-lite">
     <vulnerability>
-      <title>Wordpress Plugin "wp-business-intelligence-lite" Remote Code Execution Exploit</title>
+      <title>Wordpress Plugin "wp-business-intelligence-lite" - Remote Code Execution Exploit</title>
       <references>
-        <url>http://packetstormsecurity.com/files/125927/wpbizintel-shell.txt</url>
+        <url>http://packetstormsecurity.com/files/125927/</url>
         <url>http://cxsecurity.com/issue/WLB-2014030243</url>
       </references>
       <type>RCE</type>
@@ -12147,4 +12153,24 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="barclaycart">
+    <vulnerability>
+      <title>Barclaycart - Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125552/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="Premium_Gallery_Manager">
+    <vulnerability>
+      <title>Premium Gallery Manager - Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125586/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 7266f50a..1304a6ec 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -93,6 +93,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>vithy - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="appius">
@@ -110,6 +117,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>appius - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="yvora">
@@ -144,6 +158,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>Shotzz - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="dagda">
@@ -154,6 +175,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>dagda - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="moneymasters">
@@ -1905,6 +1933,13 @@
       </references>
       <type>XSS</type>
     </vulnerability>
+    <vulnerability>
+      <title>felici - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125830/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="classic">