From cc0ce769b78f0b2db6070da7760373d9a9591f6a Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Mon, 11 Nov 2013 23:28:28 +0100
Subject: [PATCH] Update theme_vulns.xml

---
 data/theme_vulns.xml | 100 +++++++++++++++++++++++++------------------
 1 file changed, 59 insertions(+), 41 deletions(-)

diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index d03cc34a..7ce1f5f4 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -80,54 +80,92 @@
 
   <theme name="vithy">
     <vulnerability>
-      <title>vithy Full Path Disclosure vulnerability</title>
+      <title>vithy - Full Path Disclosure vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20040</url>
       </references>
       <type>FPD</type>
     </vulnerability>
+    <vulnerability>
+      <title>vithy - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/19830</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="appius">
     <vulnerability>
-      <title>appius Full Path Disclosure vulnerability</title>
+      <title>appius - Full Path Disclosure vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20039</url>
       </references>
       <type>FPD</type>
     </vulnerability>
+    <vulnerability>
+      <title>appius - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/19831</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="yvora">
     <vulnerability>
-      <title>yvora Full Path Disclosure vulnerability</title>
+      <title>yvora - Full Path Disclosure vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20038</url>
       </references>
       <type>FPD</type>
     </vulnerability>
+    <vulnerability>
+      <title>yvora - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/19834</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="shotzz">
     <vulnerability>
-      <title>shotzz Full Path Disclosure vulnerability</title>
+      <title>Shotzz - Full Path Disclosure vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20041</url>
       </references>
       <type>FPD</type>
     </vulnerability>
+    <vulnerability>
+      <title>Shotzz - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/19829</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="dagda">
+    <vulnerability>
+      <title>dagda - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/19832</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="moneymasters">
     <vulnerability>
-      <title>moneymasters Full Path Disclosure vulnerability</title>
+      <title>moneymasters - Full Path Disclosure vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20077</url>
       </references>
       <type>FPD</type>
     </vulnerability>
     <vulnerability>
-      <title>moneymasters File Upload Vulnerability (metasploit)</title>
+      <title>moneymasters - File Upload Vulnerability (metasploit)</title>
       <references>
         <url>http://1337day.com/exploit/20076</url>
       </references>
@@ -457,7 +495,7 @@
 
   <theme name="famous">
     <vulnerability>
-      <title>WordPress Famous Theme 2.0.5 Shell Upload</title>
+      <title>Famous 2.0.5 - Shell Upload</title>
       <references>
         <url>http://packetstormsecurity.org/files/113842/</url>
       </references>
@@ -467,7 +505,7 @@
 
   <theme name="deep-blue">
     <vulnerability>
-      <title>WordPress Deep-Blue Theme 1.9.2 Arbitrary File Upload Vulnerability</title>
+      <title>Deep-Blue 1.9.2 - Arbitrary File Upload Vulnerability</title>
       <references>
         <url>http://packetstormsecurity.org/files/113843/</url>
       </references>
@@ -477,7 +515,7 @@
 
   <theme name="classipress">
     <vulnerability>
-      <title>WordPress Classipress Theme &lt;= 3.1.4 Stored XSS</title>
+      <title>Classipress &lt;= 3.1.4 - Stored XSS</title>
       <references>
         <exploitdb>18053</exploitdb>
         <url>http://cxsecurity.com/issue/WLB-2011110001</url>
@@ -1528,7 +1566,7 @@
 
   <theme name="dt-chocolate">
     <vulnerability>
-      <title>Wordpress dt-chocolate Theme Image Open redirect</title>
+      <title>dt-chocolate - Image Open redirect</title>
       <references>
         <url>http://cxsecurity.com/issue/WLB-2013020011</url>
       </references>
@@ -1545,7 +1583,7 @@
 
   <theme name="sandbox">
     <vulnerability>
-      <title>Wordpress theme sandbox Arbitrary File Upload/FD Vulnerability</title>
+      <title>sandbox - Arbitrary File Upload/FD Vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20228</url>
       </references>
@@ -1555,7 +1593,7 @@
 
   <theme name="clockstone">
     <vulnerability>
-      <title>WordPress Clockstone Theme upload.php Arbitrary File Upload Vulnerability</title>
+      <title>Clockstone - upload.php Arbitrary File Upload Vulnerability</title>
       <references>
         <secunia>51619</secunia>
       </references>
@@ -1565,7 +1603,7 @@
 
   <theme name="archin">
     <vulnerability>
-      <title>WordPress Archin Theme Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
+      <title>Archin - Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
       <references>
         <secunia>50711</secunia>
       </references>
@@ -1575,7 +1613,7 @@
 
   <theme name="purity">
     <vulnerability>
-      <title>WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities</title>
+      <title>Purity - Multiple Cross-Site Scripting Vulnerabilities</title>
       <references>
         <secunia>50627</secunia>
       </references>
@@ -1599,7 +1637,7 @@
 
   <theme name="montezuma">
     <vulnerability>
-      <title>montezuma &lt;= 1.1.3 XSS in ZeroClipboard.swf</title>
+      <title>montezuma &lt;= 1.1.3 - XSS in ZeroClipboard.swf</title>
       <references>
         <url>http://1337day.com/exploit/20396</url>
       </references>
@@ -1609,7 +1647,7 @@
 
   <theme name="scarlet">
     <vulnerability>
-      <title>scarlet &lt;= 1.1.3 XSS in ZeroClipboard.swf</title>
+      <title>scarlet &lt;= 1.1.3 - XSS in ZeroClipboard.swf</title>
       <references>
         <url>http://1337day.com/exploit/20396</url>
       </references>
@@ -1619,7 +1657,7 @@
 
   <theme name="allure-real-estate-theme-for-placester">
     <vulnerability>
-      <title>allure-real-estate-theme-for-placester &lt;= 0.1.1 XSS in ZeroClipboard.swf</title>
+      <title>allure-real-estate-theme-for-placester &lt;= 0.1.1 - XSS in ZeroClipboard.swf</title>
       <references>
         <url>http://1337day.com/exploit/20396</url>
       </references>
@@ -1629,7 +1667,7 @@
 
   <theme name="allure-real-estate-theme-for-real-estate">
     <vulnerability>
-      <title>allure-real-estate-theme-for-real-estate &lt;= 0.1.1 XSS in ZeroClipboard.swf</title>
+      <title>allure-real-estate-theme-for-real-estate &lt;= 0.1.1 - XSS in ZeroClipboard.swf</title>
       <references>
         <url>http://1337day.com/exploit/20396</url>
       </references>
@@ -1639,7 +1677,7 @@
 
   <theme name="felici">
     <vulnerability>
-      <title>felici XSS Vulnerability</title>
+      <title>felici - XSS Vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20560</url>
       </references>
@@ -1649,7 +1687,7 @@
 
   <theme name="classic">
     <vulnerability>
-      <title>Classic v1.5 Theme PHP_SELF XSS</title>
+      <title>Classic 1.5 - PHP_SELF XSS</title>
       <references>
         <url>http://osvdb.org/38450</url>
         <cve>2007-4483</cve>
@@ -1660,7 +1698,7 @@
 
   <theme name="brilliant">
     <vulnerability>
-      <title>brilliant File Upload Vulnerability</title>
+      <title>brilliant - File Upload Vulnerability</title>
       <references>
         <url>http://ruinedsec.wordpress.com/2013/04/03/wordpress-themes-exploits-are-in-action-wpscan/</url>
       </references>
@@ -2014,26 +2052,6 @@
     </vulnerability>
   </theme>
 
-  <theme name="shotzz">
-    <vulnerability>
-      <title>Shotzz - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/19829</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="vithy">
-    <vulnerability>
-      <title>vithy - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/19830</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
   <theme name="kernel-theme">
     <vulnerability>
       <title>Kernel Theme - functions/upload-handler.php File Upload Remote Code Execution</title>