From cdd2c96b5eaf092d430272392c6495fa44ea64b8 Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Fri, 10 May 2013 10:45:51 +0200
Subject: [PATCH] Fix #176 Plugins vulnerabilities added

---
 data/plugin_vulns.xml | 98 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 96 insertions(+), 2 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 3f6a260b..462e22ad 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -4137,9 +4137,12 @@
 
   <plugin name="open-flash-chart-core-wordpress-plugin">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>ofc_upload_image.php &lt; 0.5 Arbitrary File Upload Vulnerability</title>
       <reference>http://www.exploit-db.com/exploits/24492/</reference>
+      <reference>http://secunia.com/advisories/37903</reference>
+      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4140</reference>
       <type>UPLOAD</type>
+      <!--<fixed_in>0.5</fixed_in>-->
     </vulnerability>
   </plugin>
 
@@ -4225,11 +4228,102 @@
 
   <plugin name="social-media-widget">
     <vulnerability>
-      <title>social-media-widget &lt; 4.0.1 malicious code</title>
+      <title>social-media-widget &lt; 4.0.2 malicious code</title>
       <reference>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</reference>
       <reference>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</reference>
       <type>UNKNOWN</type>
     </vulnerability>
   </plugin>
 
+  <plugin name="facebook-members">
+    <vulnerability>
+      <title>facebook-members &lt; 5.0.5 CSRF</title>
+      <reference>https://secunia.com/advisories/52962/</reference>
+      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2703</reference>
+      <type>CSRF</type>
+      <!--<fixed_in>5.0.5</fixed_in>-->
+    </vulnerability>
+  </plugin>
+
+  <plugin name="foursquare-checkins">
+    <vulnerability>
+      <title>foursquare-checkins &lt; 1.3 CSRF</title>
+      <reference>https://secunia.com/advisories/53151/</reference>
+      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2709</reference>
+      <type>CSRF</type>
+      <!--<fixed_in>1.3</fixed_in>-->
+    </vulnerability>
+  </plugin>
+
+  <plugin name="formidable">
+    <vulnerability>
+      <title>formidable Pro &lt; 1.06.09 Unspecified Vulnerabilities</title>
+      <reference>https://secunia.com/advisories/53121/</reference>
+      <type>UNKNOWN</type>
+      <!--<fixed_in>1.06.09</fixed_in>-->
+    </vulnerability>
+  </plugin>
+
+  <plugin name="all-in-one-webmaster">
+    <vulnerability>
+      <title>all-in-one-webmaster &lt; 8.2.4 CSRF</title>
+      <reference>https://secunia.com/advisories/52877/</reference>
+      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2696</reference>
+      <type>CSRF</type>
+      <!--<fixed_in>8.2.4</fixed_in>-->
+    </vulnerability>
+  </plugin>
+
+  <plugin name="background-music">
+    <vulnerability>
+      <title>background-music 1.0 jPlayer.swf XSS</title>
+      <reference>https://secunia.com/advisories/53057/</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="haiku-minimalist-audio-player">
+    <vulnerability>
+      <title>haiku-minimalist-audio-player &lt;= 1.0.0 jPlayer.swf XSS</title>
+      <reference>https://secunia.com/advisories/51336/</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="jammer">
+    <vulnerability>
+      <title>jammer &lt;= 0.2 jPlayer.swf XSS</title>
+      <reference>https://secunia.com/advisories/53106/</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="syntaxhighlighter">
+    <vulnerability>
+      <title>syntaxhighlighter &lt; 3.1.6 clipboard.swf XSS</title>
+      <reference>https://secunia.com/advisories/53235/</reference>
+      <type>XSS</type>
+      <!--<fixed_in>3.1.6</fixed_in>-->
+    </vulnerability>
+  </plugin>
+
+  <plugin name="top-10">
+    <vulnerability>
+      <title>top-10 &lt; 1.9.3 CSRF</title>
+      <reference>https://secunia.com/advisories/53205/</reference>
+      <type>CSRF</type>
+      <!--<fixed_in>1.9.3</fixed_in>-->
+    </vulnerability>
+  </plugin>
+
+  <plugin name="easy-adsense-lite">
+    <vulnerability>
+      <title>easy-adsense-lite &lt; 6.20 CSRF</title>
+      <reference>https://secunia.com/advisories/52953/</reference>
+      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2702</reference>
+      <type>CSRF</type>
+      <!--<fixed_in>6.20</fixed_in>-->
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>