garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #176 Plugins vulnerabilities added

Browse Source
This commit is contained in:
erwanlr
2013-05-10 10:45:51 +02:00
parent ebe35cb7b2
commit cdd2c96b5e
1 changed files with 96 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
data/plugin_vulns.xml
View File

@@ -4137,9 +4137,12 @@
<plugin name="open-flash-chart-core-wordpress-plugin">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<title>ofc_upload_image.php &lt; 0.5 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/24492/</reference>
<reference>http://secunia.com/advisories/37903</reference>
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4140</reference>
<type>UPLOAD</type>
<!--<fixed_in>0.5</fixed_in>-->
</vulnerability>
</plugin>
@@ -4225,11 +4228,102 @@
<plugin name="social-media-widget">
<vulnerability>
<title>social-media-widget &lt; 4.0.1 malicious code</title>
<title>social-media-widget &lt; 4.0.2 malicious code</title>
<reference>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</reference>
<reference>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="facebook-members">
<vulnerability>
<title>facebook-members &lt; 5.0.5 CSRF</title>
<reference>https://secunia.com/advisories/52962/</reference>
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2703</reference>
<type>CSRF</type>
<!--<fixed_in>5.0.5</fixed_in>-->
</vulnerability>
</plugin>
<plugin name="foursquare-checkins">
<vulnerability>
<title>foursquare-checkins &lt; 1.3 CSRF</title>
<reference>https://secunia.com/advisories/53151/</reference>
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2709</reference>
<type>CSRF</type>
<!--<fixed_in>1.3</fixed_in>-->
</vulnerability>
</plugin>
<plugin name="formidable">
<vulnerability>
<title>formidable Pro &lt; 1.06.09 Unspecified Vulnerabilities</title>
<reference>https://secunia.com/advisories/53121/</reference>
<type>UNKNOWN</type>
<!--<fixed_in>1.06.09</fixed_in>-->
</vulnerability>
</plugin>
<plugin name="all-in-one-webmaster">
<vulnerability>
<title>all-in-one-webmaster &lt; 8.2.4 CSRF</title>
<reference>https://secunia.com/advisories/52877/</reference>
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2696</reference>
<type>CSRF</type>
<!--<fixed_in>8.2.4</fixed_in>-->
</vulnerability>
</plugin>
<plugin name="background-music">
<vulnerability>
<title>background-music 1.0 jPlayer.swf XSS</title>
<reference>https://secunia.com/advisories/53057/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="haiku-minimalist-audio-player">
<vulnerability>
<title>haiku-minimalist-audio-player &lt;= 1.0.0 jPlayer.swf XSS</title>
<reference>https://secunia.com/advisories/51336/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="jammer">
<vulnerability>
<title>jammer &lt;= 0.2 jPlayer.swf XSS</title>
<reference>https://secunia.com/advisories/53106/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="syntaxhighlighter">
<vulnerability>
<title>syntaxhighlighter &lt; 3.1.6 clipboard.swf XSS</title>
<reference>https://secunia.com/advisories/53235/</reference>
<type>XSS</type>
<!--<fixed_in>3.1.6</fixed_in>-->
</vulnerability>
</plugin>
<plugin name="top-10">
<vulnerability>
<title>top-10 &lt; 1.9.3 CSRF</title>
<reference>https://secunia.com/advisories/53205/</reference>
<type>CSRF</type>
<!--<fixed_in>1.9.3</fixed_in>-->
</vulnerability>
</plugin>
<plugin name="easy-adsense-lite">
<vulnerability>
<title>easy-adsense-lite &lt; 6.20 CSRF</title>
<reference>https://secunia.com/advisories/52953/</reference>
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2702</reference>
<type>CSRF</type>
<!--<fixed_in>6.20</fixed_in>-->
</vulnerability>
</plugin>
</vulnerabilities>