garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update plugin_vulns.xml

Browse Source
This commit is contained in:
Peter van der Laan
2013-10-13 09:45:32 +02:00
parent 9d6e50c8e2
commit db82b2584c
1 changed files with 45 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
data/plugin_vulns.xml
View File

@@ -5,21 +5,23 @@
<plugin name="content-slide">
<vulnerability>
<title>Content Slide - Cross-Site Requst Forgery Vulnerability</title>
<type>CSRF</type>
<title>Content Slide 1.4.2 - Cross Site Requst Forgery Vulnerability</title>
<references>
<osvdb>93871</osvdb>
<cve>2013-2708</cve>
<secunia>52949</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wordpress-simple-paypal-shopping-cart">
<vulnerability>
<title>Simple Paypal Shopping Cart - Cross-Site Request Forgery Vulnerability</title>
<title>Simple Paypal Shopping Cart 3.5 - Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>52963</secunia>
<osvdb>93953</osvdb>
<cve>2013-2705</cve>
<secunia>52963</secunia>
</references>
<type>CSRF</type>
<fixed_in>3.6</fixed_in>
@@ -28,18 +30,19 @@
<plugin name="wp-sendsms">
<vulnerability>
<title>WP-SendSMS - Setting Manipulation CSRF</title>
<title>WP-SendSMS 1.0 - Setting Manipulation CSRF</title>
<references>
<secunia>53796</secunia>
<osvdb>94209</osvdb>
<secunia>53796</secunia>
<exploitdb>26124</exploitdb>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>WP-SendSMS - wp-admin/admin.php Multiple Parameter XSS</title>
<title>WP-SendSMS 1.0 - wp-admin/admin.php Multiple Parameter XSS</title>
<references>
<osvdb>94210</osvdb>
<exploitdb>26124</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
@@ -4261,6 +4264,8 @@
<vulnerability>
<title>Extend 1.3.7 - Shell Upload vulnerability</title>
<references>
<osvdb>75638</osvdb>
<cve>2011-4106</cve>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
@@ -5098,7 +5103,7 @@
<plugin name="gotmls">
<vulnerability>
<title>Get Off Malicious Scripts Cross-Site Scripting Vulnerability</title>
<title>Get Off Malicious Scripts - Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50030</secunia>
</references>
@@ -5131,7 +5136,7 @@
<plugin name="wp-explorer-gallery">
<vulnerability>
<title>wp-explorer-gallery Arbitrary File Upload Vulnerability</title>
<title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20251</url>
</references>
@@ -5141,7 +5146,7 @@
<plugin name="accordion">
<vulnerability>
<title>accordion Arbitrary File Upload Vulnerability</title>
<title>accordion - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20254</url>
</references>
@@ -5151,7 +5156,7 @@
<plugin name="wp-catpro">
<vulnerability>
<title>wp-catpro Arbitrary File Upload Vulnerability</title>
<title>wp-catpro - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20256</url>
</references>
@@ -5242,7 +5247,7 @@
<plugin name="forumconverter">
<vulnerability>
<title>ForumConverter SQL Injection Vulnerability</title>
<title>ForumConverter - SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20275</url>
</references>
@@ -5252,7 +5257,7 @@
<plugin name="newsletter">
<vulnerability>
<title>Newsletter SQL Injection Vulnerability</title>
<title>Newsletter - SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20287</url>
</references>
@@ -5271,7 +5276,7 @@
<plugin name="commentluv">
<vulnerability>
<title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin</title>
<title>CommentLuv - Cross Site Scripting Vulnerability</title>
<references>
<url>https://www.htbridge.com/advisory/HTB23138</url>
<url>http://packetstormsecurity.com/files/120090/</url>
@@ -5373,7 +5378,7 @@
<plugin name="smart-flv">
<vulnerability>
<title>smart-flv jwplayer.swf XSS</title>
<title>smart-flv - jwplayer.swf XSS</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/02/24/7</url>
<url>http://packetstormsecurity.com/files/115100/</url>
@@ -5397,7 +5402,6 @@
<vulnerability>
<title>PHP Shell Plugin</title>
<references>
<url>https://github.com/wpscanteam/wpscan/issues/138</url>
<url>http://plugins.svn.wordpress.org/php-shell/trunk/shell.php</url>
</references>
@@ -5407,7 +5411,7 @@
<plugin name="marekkis-watermark">
<vulnerability>
<title>Marekkis Watermark Cross Site Scripting</title>
<title>Marekkis Watermark - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/120378/</url>
</references>
@@ -5417,7 +5421,7 @@
<plugin name="responsive-logo-slideshow">
<vulnerability>
<title>Responsive Logo Slideshow Cross Site Scripting</title>
<title>Responsive Logo Slideshow - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/120379/</url>
</references>
@@ -5717,7 +5721,7 @@
<plugin name="vkontakte-api">
<vulnerability>
<title>vkontakte-api XSS vulnerability</title>
<title>vkontakte-api - XSS vulnerability</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/11/1</url>
<cve>2009-4168</cve>
@@ -5728,7 +5732,7 @@
<plugin name="terillion-reviews">
<vulnerability>
<title>Terillion Reviews Cross Site Scripting</title>
<title>Terillion Reviews - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/120730/</url>
</references>
@@ -5792,7 +5796,7 @@
<plugin name="wp-banners-lite">
<vulnerability>
<title>XSS vulnerability on WP-Banners-Lite</title>
<title>WP-Banners-Lite - XSS vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
@@ -5828,7 +5832,7 @@
<plugin name="chikuncount">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<title>chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
@@ -5838,7 +5842,7 @@
<plugin name="open-flash-chart-core-wordpress-plugin">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<title>open-flash-chart-core - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<secunia>37903</secunia>
@@ -5851,7 +5855,7 @@
<plugin name="spamtask">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<title>spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
@@ -5861,7 +5865,7 @@
<plugin name="php-analytics">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<title>php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
@@ -5871,7 +5875,7 @@
<plugin name="seo-spy-google-wordpress-plugin">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<title>seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
@@ -5881,7 +5885,7 @@
<plugin name="wp-seo-spy-google">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<title>wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
@@ -5901,7 +5905,7 @@
<plugin name="fbsurveypro">
<vulnerability>
<title>fbsurveypro XSS Vulnerability</title>
<title>fbsurveypro - XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20623</url>
</references>
@@ -5911,7 +5915,7 @@
<plugin name="timelineoptinpro">
<vulnerability>
<title>timelineoptinpro XSS Vulnerability</title>
<title>timelineoptinpro - XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20620</url>
</references>
@@ -5921,7 +5925,7 @@
<plugin name="kioskprox">
<vulnerability>
<title>kioskprox XSS Vulnerability</title>
<title>kioskprox - XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20624</url>
</references>
@@ -5931,7 +5935,7 @@
<plugin name="bigcontact">
<vulnerability>
<title>bigcontact SQLI</title>
<title>bigcontact - SQLI</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset/689798</url>
</references>
@@ -5942,7 +5946,7 @@
<plugin name="drawblog">
<vulnerability>
<title>drawblog CSRF</title>
<title>drawblog - CSRF</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset/691178</url>
</references>
@@ -5953,7 +5957,7 @@
<plugin name="social-media-widget">
<vulnerability>
<title>social-media-widget malicious code</title>
<title>social-media-widget - malicious code</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</url>
<url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
@@ -5966,7 +5970,7 @@
<plugin name="facebook-members">
<vulnerability>
<title>facebook-members CSRF</title>
<title>facebook-members - CSRF</title>
<references>
<secunia>52962</secunia>
<cve>2013-2703</cve>
@@ -5978,7 +5982,7 @@
<plugin name="foursquare-checkins">
<vulnerability>
<title>foursquare-checkins CSRF</title>
<title>foursquare-checkins - CSRF</title>
<references>
<secunia>53151</secunia>
<cve>2013-2709</cve>
@@ -5990,7 +5994,7 @@
<plugin name="formidable">
<vulnerability>
<title>formidable Pro Unspecified Vulnerabilities</title>
<title>formidable Pro - Unspecified Vulnerabilities</title>
<references>
<secunia>53121</secunia>
</references>
@@ -6001,7 +6005,7 @@
<plugin name="all-in-one-webmaster">
<vulnerability>
<title>all-in-one-webmaster CSRF</title>
<title>all-in-one-webmaster - CSRF</title>
<references>
<secunia>52877</secunia>
<cve>2013-2696</cve>
@@ -6043,7 +6047,7 @@
<plugin name="syntaxhighlighter">
<vulnerability>
<title>syntaxhighlighter clipboard.swf XSS</title>
<title>syntaxhighlighter - clipboard.swf XSS</title>
<references>
<secunia>53235</secunia>
</references>
@@ -6065,7 +6069,7 @@
<plugin name="easy-adsense-lite">
<vulnerability>
<title>easy-adsense-lite CSRF</title>
<title>easy-adsense-lite - CSRF</title>
<references>
<secunia>52953</secunia>
<cve>2013-2702</cve>
@@ -6086,7 +6090,7 @@
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>uk-cookie CSRF</title>
<title>uk-cookie - CSRF</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/06/06/10</url>
<osvdb>94032</osvdb>
@@ -6098,7 +6102,7 @@
<plugin name="wp-cleanfix">
<vulnerability>
<title>wp-cleanfix Remote Command Execution, CSRF and XSS</title>
<title>wp-cleanfix - Remote Command Execution, CSRF and XSS</title>
<references>
<url>https://github.com/wpscanteam/wpscan/issues/186</url>
<url>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</url>