garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update vuln db

Browse Source
This commit is contained in:
Peter
2014-01-30 12:34:35 +01:00
parent 80667bc38f
commit b3a6251b04
1 changed files with 44 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
data/plugin_vulns.xml
View File

@@ -253,6 +253,7 @@
<title>All Video Gallery - Multiple SQL Injection Vulnerabilities</title> <title>All Video Gallery - Multiple SQL Injection Vulnerabilities</title>
<references> <references>
<secunia>50874</secunia> <secunia>50874</secunia>
<exploitdb>22427</exploitdb>
<url>http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/</url> <url>http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/</url>
</references> </references>
<type>SQLI</type> <type>SQLI</type>
@@ -1324,11 +1325,24 @@
<plugin name="social-discussions"> <plugin name="social-discussions">
<vulnerability> <vulnerability>
<title>Social Discussions - Multiple Vulnerabilities</title> <title>Social Discussions 6.1.1 - Multiple Script Direct Request Path Disclosure</title>
<references> <references>
<osvdb>86730</osvdb>
<exploitdb>22158</exploitdb>
<url>http://xforce.iss.net/xforce/xfdb/79465</url>
<url>http://www.waraxe.us/advisory-93.html</url> <url>http://www.waraxe.us/advisory-93.html</url>
</references> </references>
<type>MULTI</type> <type>FPD</type>
</vulnerability>
<vulnerability>
<title>Social Discussions 6.1.1 - social-discussions-networkpub_ajax.php HTTP_ENV_VARS Parameter Remote File Inclusion</title>
<references>
<osvdb>86731</osvdb>
<exploitdb>22158</exploitdb>
<url>http://xforce.iss.net/xforce/xfdb/79464</url>
<url>http://www.waraxe.us/advisory-93.html</url>
</references>
<type>RFI</type>
</vulnerability> </vulnerability>
</plugin> </plugin>
@@ -3909,7 +3923,7 @@
<plugin name="nextgen-gallery"> <plugin name="nextgen-gallery">
<vulnerability> <vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title> <title>NextGEN Gallery - SWF Vulnerable to XSS</title>
<references> <references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url> <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
<secunia>51271</secunia> <secunia>51271</secunia>
@@ -3918,7 +3932,7 @@
<fixed_in>1.9.8</fixed_in> <fixed_in>1.9.8</fixed_in>
</vulnerability> </vulnerability>
<vulnerability> <vulnerability>
<title>swfupload.swf Multiple Cross Site Scripting Vulnerabilities</title> <title>NextGEN Gallery - swfupload.swf Multiple Cross Site Scripting Vulnerabilities</title>
<references> <references>
<url>http://www.securityfocus.com/bid/60433</url> <url>http://www.securityfocus.com/bid/60433</url>
</references> </references>
@@ -8189,7 +8203,7 @@
<plugin name="indianic-testimonial"> <plugin name="indianic-testimonial">
<vulnerability> <vulnerability>
<title>IndiaNIC Testimonial 2.2 - CSRF vulnerability</title> <title>IndiaNIC Testimonial 2.2 - Setting Manipulation CSRF</title>
<references> <references>
<osvdb>96792</osvdb> <osvdb>96792</osvdb>
<cve>2013-5672</cve> <cve>2013-5672</cve>
@@ -8200,7 +8214,7 @@
<type>CSRF</type> <type>CSRF</type>
</vulnerability> </vulnerability>
<vulnerability> <vulnerability>
<title>IndiaNIC Testimonial 2.2 - SQL Injection vulnerability</title> <title>IndiaNIC Testimonial 2.2 - testimonial.php custom_query Parameter SQL Injection</title>
<references> <references>
<osvdb>96793</osvdb> <osvdb>96793</osvdb>
<cve>2013-5673</cve> <cve>2013-5673</cve>
@@ -8211,11 +8225,12 @@
<type>SQLI</type> <type>SQLI</type>
</vulnerability> </vulnerability>
<vulnerability> <vulnerability>
<title>IndiaNIC Testimonial 2.2 - XSS vulnerability</title> <title>IndiaNIC Testimonial 2.2 - iNIC_testimonial_save Action Multiple Parameter XSS</title>
<references> <references>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url> <osvdb>96795</osvdb>
<exploitdb>28054</exploitdb> <exploitdb>28054</exploitdb>
<url>http://packetstormsecurity.com/files/123036/</url> <url>http://packetstormsecurity.com/files/123036/</url>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
</references> </references>
<type>XSS</type> <type>XSS</type>
</vulnerability> </vulnerability>
@@ -8827,6 +8842,15 @@
<type>XSS</type> <type>XSS</type>
<fixed_in>1.4.2</fixed_in> <fixed_in>1.4.2</fixed_in>
</vulnerability> </vulnerability>
<vulnerability>
<title>A Forms 1.4.0 - a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS</title>
<references>
<osvdb>96809</osvdb>
<secunia>54489</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
<vulnerability> <vulnerability>
<title>A Forms 1.4.0 - a-forms.php add_field_to_section Function Multiple Parameter XSS</title> <title>A Forms 1.4.0 - a-forms.php add_field_to_section Function Multiple Parameter XSS</title>
<references> <references>
@@ -10516,4 +10540,16 @@
</vulnerability> </vulnerability>
</plugin> </plugin>
<plugin name="webinar_plugin">
<vulnerability>
<title>Easy Webinar - get_widget.php wid Parameter SQL Injection</title>
<references>
<osvdb>86754</osvdb>
<exploitdb>22300</exploitdb>
</references>
<type>SQLI</type>
<fixed_in>1.6.7</fixed_in>
</vulnerability>
</plugin>
</vulnerabilities> </vulnerabilities>