garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added vulns & refs

Browse Source
This commit is contained in:
erwanlr
2013-07-05 10:39:38 +02:00
parent f2fc5294e8
commit a75dae8128
3 changed files with 97 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
data/plugin_vulns.xml
View File

@@ -3061,6 +3061,11 @@
<reference>http://www.exploit-db.com/exploits/17872/</reference> <reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type> <type>UPLOAD</type>
</vulnerability> </vulnerability>
<vulnerability>
<title> Category Grid View Gallery CatGridPost.php ID Parameter XSS</title>
<reference>http://osvdb.org/94805</reference>
<type>XSS</type>
</vulnerability>
</plugin> </plugin>
<plugin name="auto-attachments"> <plugin name="auto-attachments">
@@ -3282,6 +3287,12 @@
<type>XSS</type> <type>XSS</type>
<fixed_in>5.0.3</fixed_in> <fixed_in>5.0.3</fixed_in>
</vulnerability> </vulnerability>
<vulnerability>
<title>WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS</title>
<reference>http://osvdb.org/94465</reference>
<type>XSS</type>
<fixed_in>5.0.11</fixed_in>
</vulnerability>
</plugin> </plugin>
<plugin name="backwpup"> <plugin name="backwpup">
@@ -4862,6 +4873,12 @@
<title>Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities</title> <title>Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/53491/</reference> <reference>http://secunia.com/advisories/53491/</reference>
<reference>http://osvdb.org/93591</reference> <reference>http://osvdb.org/93591</reference>
<reference>http://osvdb.org/93593</reference>
<reference>http://osvdb.org/93594</reference>
<reference>http://osvdb.org/93595</reference>
<reference>http://osvdb.org/93596</reference>
<reference>http://osvdb.org/93597</reference>
<reference>http://osvdb.org/93598</reference>
<type>MULTI</type> <type>MULTI</type>
</vulnerability> </vulnerability>
</plugin> </plugin>
@@ -4871,6 +4888,11 @@
<title>Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities</title> <title>Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities</title>
<reference>http://secunia.com/advisories/53481/</reference> <reference>http://secunia.com/advisories/53481/</reference>
<reference>http://osvdb.org/93584</reference> <reference>http://osvdb.org/93584</reference>
<reference>http://osvdb.org/93585</reference>
<reference>http://osvdb.org/93586</reference>
<reference>http://osvdb.org/93587</reference>
<reference>http://osvdb.org/93588</reference>
<reference>http://osvdb.org/93582</reference>
<type>MULTI</type> <type>MULTI</type>
</vulnerability> </vulnerability>
</plugin> </plugin>
@@ -4924,4 +4946,45 @@
</vulnerability> </vulnerability>
</plugin> </plugin>
<plugin name="dropdown-menu-widget">
<vulnerability>
<title>Dropdown Menu Widget Script Insertion CSRF</title>
<reference>http://osvdb.org/94771</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="feed">
<vulnerability>
<title>Feed news_dt.php nid Parameter SQL Injection</title>
<reference>http://osvdb.org/94804</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="buddypress-extended-friendship-request">
<vulnerability>
<title>BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS</title>
<reference>http://osvdb.org/94807</reference>
<type>XSS</type>
<fixed_in>1.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-private-messages">
<vulnerability>
<title>wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection</title>
<reference>http://osvdb.org/94702</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="stream-video-player">
<vulnerability>
<title>Stream Video Player Plugin for WordPress Setting Manipulation CSRF</title>
<reference>http://osvdb.org/94466</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
</vulnerabilities> </vulnerabilities>

1
data/vuln.xsd
View File

@@ -26,6 +26,7 @@
<xs:enumeration value="UNKNOWN"/> <xs:enumeration value="UNKNOWN"/>
<xs:enumeration value="XSS"/> <xs:enumeration value="XSS"/>
<xs:enumeration value="CSRF"/> <xs:enumeration value="CSRF"/>
<xs:enumeration value="SSRF"/>
<xs:enumeration value="AUTHBYPASS"/> <xs:enumeration value="AUTHBYPASS"/>
<xs:enumeration value="FPD"/> <xs:enumeration value="FPD"/>
<xs:enumeration value="XXE"/> <xs:enumeration value="XXE"/>

33
data/wp_vulns.xml
View File

@@ -11,6 +11,39 @@
<reference>http://osvdb.org/94235</reference> <reference>http://osvdb.org/94235</reference>
<type>UNKNOWN</type> <type>UNKNOWN</type>
</vulnerability> </vulnerability>
<vulnerability>
<title>WordPress Multiple XSS</title>
<reference>http://osvdb.org/94791</reference>
<reference>http://osvdb.org/94785</reference>
<reference>http://osvdb.org/94786</reference>
<reference>http://osvdb.org/94790</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness</title>
<reference>http://osvdb.org/94787</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title> WordPress File Upload Unspecified Path Disclosure</title>
<reference>http://osvdb.org/94788</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure</title>
<reference>http://osvdb.org/94789</reference>
<type>XXE</type>
</vulnerability>
<vulnerability>
<title>WordPress Multiple Role Remote Privilege Escalation</title>
<reference>http://osvdb.org/94783</reference>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>WordPress HTTP API Unspecified Server Side Request Forgery (SSRF)</title>
<reference>http://osvdb.org/94784</reference>
<type>SSRF</type>
</vulnerability>
</wordpress> </wordpress>
<wordpress version="3.5"> <wordpress version="3.5">