garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update theme_vulns.xml

Browse Source
This commit is contained in:
Peter van der Laan
2013-11-11 23:28:28 +01:00
parent 43c7586b61
commit cc0ce769b7
1 changed files with 59 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
data/theme_vulns.xml
View File

@@ -80,54 +80,92 @@
<theme name="vithy">
<vulnerability>
<title>vithy Full Path Disclosure vulnerability</title>
<title>vithy - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20040</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>vithy - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19830</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="appius">
<vulnerability>
<title>appius Full Path Disclosure vulnerability</title>
<title>appius - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20039</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>appius - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19831</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="yvora">
<vulnerability>
<title>yvora Full Path Disclosure vulnerability</title>
<title>yvora - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20038</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>yvora - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19834</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="shotzz">
<vulnerability>
<title>shotzz Full Path Disclosure vulnerability</title>
<title>Shotzz - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20041</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Shotzz - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19829</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="dagda">
<vulnerability>
<title>dagda - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19832</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="moneymasters">
<vulnerability>
<title>moneymasters Full Path Disclosure vulnerability</title>
<title>moneymasters - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20077</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>moneymasters File Upload Vulnerability (metasploit)</title>
<title>moneymasters - File Upload Vulnerability (metasploit)</title>
<references>
<url>http://1337day.com/exploit/20076</url>
</references>
@@ -457,7 +495,7 @@
<theme name="famous">
<vulnerability>
<title>WordPress Famous Theme 2.0.5 Shell Upload</title>
<title>Famous 2.0.5 - Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/113842/</url>
</references>
@@ -467,7 +505,7 @@
<theme name="deep-blue">
<vulnerability>
<title>WordPress Deep-Blue Theme 1.9.2 Arbitrary File Upload Vulnerability</title>
<title>Deep-Blue 1.9.2 - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.org/files/113843/</url>
</references>
@@ -477,7 +515,7 @@
<theme name="classipress">
<vulnerability>
<title>WordPress Classipress Theme &lt;= 3.1.4 Stored XSS</title>
<title>Classipress &lt;= 3.1.4 - Stored XSS</title>
<references>
<exploitdb>18053</exploitdb>
<url>http://cxsecurity.com/issue/WLB-2011110001</url>
@@ -1528,7 +1566,7 @@
<theme name="dt-chocolate">
<vulnerability>
<title>Wordpress dt-chocolate Theme Image Open redirect</title>
<title>dt-chocolate - Image Open redirect</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013020011</url>
</references>
@@ -1545,7 +1583,7 @@
<theme name="sandbox">
<vulnerability>
<title>Wordpress theme sandbox Arbitrary File Upload/FD Vulnerability</title>
<title>sandbox - Arbitrary File Upload/FD Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20228</url>
</references>
@@ -1555,7 +1593,7 @@
<theme name="clockstone">
<vulnerability>
<title>WordPress Clockstone Theme upload.php Arbitrary File Upload Vulnerability</title>
<title>Clockstone - upload.php Arbitrary File Upload Vulnerability</title>
<references>
<secunia>51619</secunia>
</references>
@@ -1565,7 +1603,7 @@
<theme name="archin">
<vulnerability>
<title>WordPress Archin Theme Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
<title>Archin - Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
<references>
<secunia>50711</secunia>
</references>
@@ -1575,7 +1613,7 @@
<theme name="purity">
<vulnerability>
<title>WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities</title>
<title>Purity - Multiple Cross-Site Scripting Vulnerabilities</title>
<references>
<secunia>50627</secunia>
</references>
@@ -1599,7 +1637,7 @@
<theme name="montezuma">
<vulnerability>
<title>montezuma &lt;= 1.1.3 XSS in ZeroClipboard.swf</title>
<title>montezuma &lt;= 1.1.3 - XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
@@ -1609,7 +1647,7 @@
<theme name="scarlet">
<vulnerability>
<title>scarlet &lt;= 1.1.3 XSS in ZeroClipboard.swf</title>
<title>scarlet &lt;= 1.1.3 - XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
@@ -1619,7 +1657,7 @@
<theme name="allure-real-estate-theme-for-placester">
<vulnerability>
<title>allure-real-estate-theme-for-placester &lt;= 0.1.1 XSS in ZeroClipboard.swf</title>
<title>allure-real-estate-theme-for-placester &lt;= 0.1.1 - XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
@@ -1629,7 +1667,7 @@
<theme name="allure-real-estate-theme-for-real-estate">
<vulnerability>
<title>allure-real-estate-theme-for-real-estate &lt;= 0.1.1 XSS in ZeroClipboard.swf</title>
<title>allure-real-estate-theme-for-real-estate &lt;= 0.1.1 - XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
@@ -1639,7 +1677,7 @@
<theme name="felici">
<vulnerability>
<title>felici XSS Vulnerability</title>
<title>felici - XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20560</url>
</references>
@@ -1649,7 +1687,7 @@
<theme name="classic">
<vulnerability>
<title>Classic v1.5 Theme PHP_SELF XSS</title>
<title>Classic 1.5 - PHP_SELF XSS</title>
<references>
<url>http://osvdb.org/38450</url>
<cve>2007-4483</cve>
@@ -1660,7 +1698,7 @@
<theme name="brilliant">
<vulnerability>
<title>brilliant File Upload Vulnerability</title>
<title>brilliant - File Upload Vulnerability</title>
<references>
<url>http://ruinedsec.wordpress.com/2013/04/03/wordpress-themes-exploits-are-in-action-wpscan/</url>
</references>
@@ -2014,26 +2052,6 @@
</vulnerability>
</theme>
<theme name="shotzz">
<vulnerability>
<title>Shotzz - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19829</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="vithy">
<vulnerability>
<title>vithy - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19830</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="kernel-theme">
<vulnerability>
<title>Kernel Theme - functions/upload-handler.php File Upload Remote Code Execution</title>