Fix #176 Plugins vulnerabilities added
This commit is contained in:
erwanlr
@@ -4137,9 +4137,12 @@
|
|||||||
|
|
||||||
<plugin name="open-flash-chart-core-wordpress-plugin">
|
<plugin name="open-flash-chart-core-wordpress-plugin">
|
||||||
<vulnerability>
|
<vulnerability>
|
||||||
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
|
<title>ofc_upload_image.php < 0.5 Arbitrary File Upload Vulnerability</title>
|
||||||
<reference>http://www.exploit-db.com/exploits/24492/</reference>
|
<reference>http://www.exploit-db.com/exploits/24492/</reference>
|
||||||
|
<reference>http://secunia.com/advisories/37903</reference>
|
||||||
|
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4140</reference>
|
||||||
<type>UPLOAD</type>
|
<type>UPLOAD</type>
|
||||||
|
<!--<fixed_in>0.5</fixed_in>-->
|
||||||
</vulnerability>
|
</vulnerability>
|
||||||
</plugin>
|
</plugin>
|
||||||
|
|
||||||
@@ -4225,11 +4228,102 @@
|
|||||||
|
|
||||||
<plugin name="social-media-widget">
|
<plugin name="social-media-widget">
|
||||||
<vulnerability>
|
<vulnerability>
|
||||||
<title>social-media-widget < 4.0.1 malicious code</title>
|
<title>social-media-widget < 4.0.2 malicious code</title>
|
||||||
<reference>http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk</reference>
|
<reference>http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk</reference>
|
||||||
<reference>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</reference>
|
<reference>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</reference>
|
||||||
<type>UNKNOWN</type>
|
<type>UNKNOWN</type>
|
||||||
</vulnerability>
|
</vulnerability>
|
||||||
</plugin>
|
</plugin>
|
||||||
|
|
||||||
|
<plugin name="facebook-members">
|
||||||
|
<vulnerability>
|
||||||
|
<title>facebook-members < 5.0.5 CSRF</title>
|
||||||
|
<reference>https://secunia.com/advisories/52962/</reference>
|
||||||
|
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2703</reference>
|
||||||
|
<type>CSRF</type>
|
||||||
|
<!--<fixed_in>5.0.5</fixed_in>-->
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin name="foursquare-checkins">
|
||||||
|
<vulnerability>
|
||||||
|
<title>foursquare-checkins < 1.3 CSRF</title>
|
||||||
|
<reference>https://secunia.com/advisories/53151/</reference>
|
||||||
|
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2709</reference>
|
||||||
|
<type>CSRF</type>
|
||||||
|
<!--<fixed_in>1.3</fixed_in>-->
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin name="formidable">
|
||||||
|
<vulnerability>
|
||||||
|
<title>formidable Pro < 1.06.09 Unspecified Vulnerabilities</title>
|
||||||
|
<reference>https://secunia.com/advisories/53121/</reference>
|
||||||
|
<type>UNKNOWN</type>
|
||||||
|
<!--<fixed_in>1.06.09</fixed_in>-->
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin name="all-in-one-webmaster">
|
||||||
|
<vulnerability>
|
||||||
|
<title>all-in-one-webmaster < 8.2.4 CSRF</title>
|
||||||
|
<reference>https://secunia.com/advisories/52877/</reference>
|
||||||
|
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2696</reference>
|
||||||
|
<type>CSRF</type>
|
||||||
|
<!--<fixed_in>8.2.4</fixed_in>-->
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin name="background-music">
|
||||||
|
<vulnerability>
|
||||||
|
<title>background-music 1.0 jPlayer.swf XSS</title>
|
||||||
|
<reference>https://secunia.com/advisories/53057/</reference>
|
||||||
|
<type>XSS</type>
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin name="haiku-minimalist-audio-player">
|
||||||
|
<vulnerability>
|
||||||
|
<title>haiku-minimalist-audio-player <= 1.0.0 jPlayer.swf XSS</title>
|
||||||
|
<reference>https://secunia.com/advisories/51336/</reference>
|
||||||
|
<type>XSS</type>
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin name="jammer">
|
||||||
|
<vulnerability>
|
||||||
|
<title>jammer <= 0.2 jPlayer.swf XSS</title>
|
||||||
|
<reference>https://secunia.com/advisories/53106/</reference>
|
||||||
|
<type>XSS</type>
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin name="syntaxhighlighter">
|
||||||
|
<vulnerability>
|
||||||
|
<title>syntaxhighlighter < 3.1.6 clipboard.swf XSS</title>
|
||||||
|
<reference>https://secunia.com/advisories/53235/</reference>
|
||||||
|
<type>XSS</type>
|
||||||
|
<!--<fixed_in>3.1.6</fixed_in>-->
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin name="top-10">
|
||||||
|
<vulnerability>
|
||||||
|
<title>top-10 < 1.9.3 CSRF</title>
|
||||||
|
<reference>https://secunia.com/advisories/53205/</reference>
|
||||||
|
<type>CSRF</type>
|
||||||
|
<!--<fixed_in>1.9.3</fixed_in>-->
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin name="easy-adsense-lite">
|
||||||
|
<vulnerability>
|
||||||
|
<title>easy-adsense-lite < 6.20 CSRF</title>
|
||||||
|
<reference>https://secunia.com/advisories/52953/</reference>
|
||||||
|
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2702</reference>
|
||||||
|
<type>CSRF</type>
|
||||||
|
<!--<fixed_in>6.20</fixed_in>-->
|
||||||
|
</vulnerability>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
</vulnerabilities>
|
</vulnerabilities>
|
||||||
|
|||||||
Reference in New Issue
Block a user