Added vulns & refs

2013-07-05 10:39:38 +02:00
parent f2fc5294e8
commit a75dae8128
3 changed files with 97 additions and 0 deletions
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -3061,6 +3061,11 @@
      <reference>http://www.exploit-db.com/exploits/17872/</reference>
      <type>UPLOAD</type>
    </vulnerability>
+    <vulnerability>
+      <title> Category Grid View Gallery CatGridPost.php ID Parameter XSS</title>
+      <reference>http://osvdb.org/94805</reference>
+      <type>XSS</type>
+    </vulnerability>
  </plugin>

  <plugin name="auto-attachments">
@@ -3282,6 +3287,12 @@
      <type>XSS</type>
      <fixed_in>5.0.3</fixed_in>
    </vulnerability>
+    <vulnerability>
+      <title>WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS</title>
+      <reference>http://osvdb.org/94465</reference>
+      <type>XSS</type>
+      <fixed_in>5.0.11</fixed_in>
+    </vulnerability>
  </plugin>

  <plugin name="backwpup">
@@ -4862,6 +4873,12 @@
      <title>Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities</title>
      <reference>http://secunia.com/advisories/53491/</reference>
      <reference>http://osvdb.org/93591</reference>
+      <reference>http://osvdb.org/93593</reference>
+      <reference>http://osvdb.org/93594</reference>
+      <reference>http://osvdb.org/93595</reference>
+      <reference>http://osvdb.org/93596</reference>
+      <reference>http://osvdb.org/93597</reference>
+      <reference>http://osvdb.org/93598</reference>
      <type>MULTI</type>
    </vulnerability>
  </plugin>
@@ -4871,6 +4888,11 @@
      <title>Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities</title>
      <reference>http://secunia.com/advisories/53481/</reference>
      <reference>http://osvdb.org/93584</reference>
+      <reference>http://osvdb.org/93585</reference>
+      <reference>http://osvdb.org/93586</reference>
+      <reference>http://osvdb.org/93587</reference>
+      <reference>http://osvdb.org/93588</reference>
+      <reference>http://osvdb.org/93582</reference>
      <type>MULTI</type>
    </vulnerability>
  </plugin>
@@ -4924,4 +4946,45 @@
    </vulnerability>
  </plugin>

+  <plugin name="dropdown-menu-widget">
+    <vulnerability>
+      <title>Dropdown Menu Widget Script Insertion CSRF</title>
+      <reference>http://osvdb.org/94771</reference>
+      <type>CSRF</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="feed">
+    <vulnerability>
+      <title>Feed news_dt.php nid Parameter SQL Injection</title>
+      <reference>http://osvdb.org/94804</reference>
+      <type>SQLI</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="buddypress-extended-friendship-request">
+    <vulnerability>
+      <title>BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS</title>
+      <reference>http://osvdb.org/94807</reference>
+      <type>XSS</type>
+      <fixed_in>1.0.2</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="wp-private-messages">
+    <vulnerability>
+      <title>wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection</title>
+      <reference>http://osvdb.org/94702</reference>
+      <type>SQLI</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="stream-video-player">
+    <vulnerability>
+      <title>Stream Video Player Plugin for WordPress Setting Manipulation CSRF</title>
+      <reference>http://osvdb.org/94466</reference>
+      <type>CSRF</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>