From db82b2584ce7342a816416bb6376b20ab4bd6430 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sun, 13 Oct 2013 09:45:32 +0200
Subject: [PATCH] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 86 ++++++++++++++++++++++---------------------
 1 file changed, 45 insertions(+), 41 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 38f23238..e031715c 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -5,21 +5,23 @@
 
   <plugin name="content-slide">
     <vulnerability>
-      <title>Content Slide - Cross-Site Requst Forgery Vulnerability</title>
-      <type>CSRF</type>
+      <title>Content Slide 1.4.2 - Cross Site Requst Forgery Vulnerability</title>
       <references>
         <osvdb>93871</osvdb>
+        <cve>2013-2708</cve>
         <secunia>52949</secunia>
       </references>
+      <type>CSRF</type>
     </vulnerability>
   </plugin>
 
   <plugin name="wordpress-simple-paypal-shopping-cart">
     <vulnerability>
-      <title>Simple Paypal Shopping Cart - Cross-Site Request Forgery Vulnerability</title>
+      <title>Simple Paypal Shopping Cart 3.5 - Cross-Site Request Forgery Vulnerability</title>
       <references>
-        <secunia>52963</secunia>
         <osvdb>93953</osvdb>
+        <cve>2013-2705</cve>
+        <secunia>52963</secunia>
       </references>
       <type>CSRF</type>
       <fixed_in>3.6</fixed_in>
@@ -28,18 +30,19 @@
 
   <plugin name="wp-sendsms">
     <vulnerability>
-      <title>WP-SendSMS - Setting Manipulation CSRF</title>
+      <title>WP-SendSMS 1.0 - Setting Manipulation CSRF</title>
       <references>
-        <secunia>53796</secunia>
         <osvdb>94209</osvdb>
+        <secunia>53796</secunia>
         <exploitdb>26124</exploitdb>
       </references>
       <type>CSRF</type>
     </vulnerability>
     <vulnerability>
-      <title>WP-SendSMS - wp-admin/admin.php Multiple Parameter XSS</title>
+      <title>WP-SendSMS 1.0 - wp-admin/admin.php Multiple Parameter XSS</title>
       <references>
         <osvdb>94210</osvdb>
+        <exploitdb>26124</exploitdb>
       </references>
       <type>XSS</type>
     </vulnerability>
@@ -4261,6 +4264,8 @@
     <vulnerability>
       <title>Extend 1.3.7 - Shell Upload vulnerability</title>
       <references>
+        <osvdb>75638</osvdb>
+        <cve>2011-4106</cve>
         <exploitdb>17872</exploitdb>
       </references>
       <type>UPLOAD</type>
@@ -5098,7 +5103,7 @@
 
   <plugin name="gotmls">
     <vulnerability>
-      <title>Get Off Malicious Scripts Cross-Site Scripting Vulnerability</title>
+      <title>Get Off Malicious Scripts - Cross-Site Scripting Vulnerability</title>
       <references>
         <secunia>50030</secunia>
       </references>
@@ -5131,7 +5136,7 @@
 
   <plugin name="wp-explorer-gallery">
     <vulnerability>
-      <title>wp-explorer-gallery Arbitrary File Upload Vulnerability</title>
+      <title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
       <references>
         <url>http://www.1337day.com/exploit/20251</url>
       </references>
@@ -5141,7 +5146,7 @@
 
   <plugin name="accordion">
     <vulnerability>
-      <title>accordion Arbitrary File Upload Vulnerability</title>
+      <title>accordion - Arbitrary File Upload Vulnerability</title>
       <references>
         <url>http://www.1337day.com/exploit/20254</url>
       </references>
@@ -5151,7 +5156,7 @@
 
   <plugin name="wp-catpro">
     <vulnerability>
-      <title>wp-catpro Arbitrary File Upload Vulnerability</title>
+      <title>wp-catpro - Arbitrary File Upload Vulnerability</title>
       <references>
         <url>http://www.1337day.com/exploit/20256</url>
       </references>
@@ -5242,7 +5247,7 @@
 
   <plugin name="forumconverter">
     <vulnerability>
-      <title>ForumConverter SQL Injection Vulnerability</title>
+      <title>ForumConverter - SQL Injection Vulnerability</title>
       <references>
         <url>http://www.1337day.com/exploit/20275</url>
       </references>
@@ -5252,7 +5257,7 @@
 
   <plugin name="newsletter">
     <vulnerability>
-      <title>Newsletter SQL Injection Vulnerability</title>
+      <title>Newsletter - SQL Injection Vulnerability</title>
       <references>
         <url>http://www.1337day.com/exploit/20287</url>
       </references>
@@ -5271,7 +5276,7 @@
 
   <plugin name="commentluv">
     <vulnerability>
-      <title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin</title>
+      <title>CommentLuv - Cross Site Scripting Vulnerability</title>
       <references>
         <url>https://www.htbridge.com/advisory/HTB23138</url>
         <url>http://packetstormsecurity.com/files/120090/</url>
@@ -5373,7 +5378,7 @@
 
   <plugin name="smart-flv">
     <vulnerability>
-      <title>smart-flv jwplayer.swf XSS</title>
+      <title>smart-flv - jwplayer.swf XSS</title>
       <references>
         <url>http://www.openwall.com/lists/oss-security/2013/02/24/7</url>
         <url>http://packetstormsecurity.com/files/115100/</url>
@@ -5397,7 +5402,6 @@
     <vulnerability>
       <title>PHP Shell Plugin</title>
       <references>
-
         <url>https://github.com/wpscanteam/wpscan/issues/138</url>
         <url>http://plugins.svn.wordpress.org/php-shell/trunk/shell.php</url>
       </references>
@@ -5407,7 +5411,7 @@
 
   <plugin name="marekkis-watermark">
     <vulnerability>
-      <title>Marekkis Watermark Cross Site Scripting</title>
+      <title>Marekkis Watermark - Cross Site Scripting</title>
       <references>
         <url>http://packetstormsecurity.com/files/120378/</url>
       </references>
@@ -5417,7 +5421,7 @@
 
   <plugin name="responsive-logo-slideshow">
     <vulnerability>
-      <title>Responsive Logo Slideshow Cross Site Scripting</title>
+      <title>Responsive Logo Slideshow - Cross Site Scripting</title>
       <references>
         <url>http://packetstormsecurity.com/files/120379/</url>
       </references>
@@ -5717,7 +5721,7 @@
 
   <plugin name="vkontakte-api">
     <vulnerability>
-      <title>vkontakte-api XSS vulnerability</title>
+      <title>vkontakte-api - XSS vulnerability</title>
       <references>
         <url>http://www.openwall.com/lists/oss-security/2013/03/11/1</url>
         <cve>2009-4168</cve>
@@ -5728,7 +5732,7 @@
 
   <plugin name="terillion-reviews">
     <vulnerability>
-      <title>Terillion Reviews Cross Site Scripting</title>
+      <title>Terillion Reviews - Cross Site Scripting</title>
       <references>
         <url>http://packetstormsecurity.com/files/120730/</url>
       </references>
@@ -5792,7 +5796,7 @@
 
   <plugin name="wp-banners-lite">
     <vulnerability>
-      <title>XSS vulnerability on WP-Banners-Lite</title>
+      <title>WP-Banners-Lite - XSS vulnerability</title>
       <references>
         <url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
         <url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
@@ -5828,7 +5832,7 @@
 
   <plugin name="chikuncount">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
       </references>
@@ -5838,7 +5842,7 @@
 
   <plugin name="open-flash-chart-core-wordpress-plugin">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>open-flash-chart-core - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
         <secunia>37903</secunia>
@@ -5851,7 +5855,7 @@
 
   <plugin name="spamtask">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
       </references>
@@ -5861,7 +5865,7 @@
 
   <plugin name="php-analytics">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
       </references>
@@ -5871,7 +5875,7 @@
 
   <plugin name="seo-spy-google-wordpress-plugin">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
       </references>
@@ -5881,7 +5885,7 @@
 
   <plugin name="wp-seo-spy-google">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
       </references>
@@ -5901,7 +5905,7 @@
 
   <plugin name="fbsurveypro">
     <vulnerability>
-      <title>fbsurveypro XSS Vulnerability</title>
+      <title>fbsurveypro - XSS Vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20623</url>
       </references>
@@ -5911,7 +5915,7 @@
 
   <plugin name="timelineoptinpro">
     <vulnerability>
-      <title>timelineoptinpro XSS Vulnerability</title>
+      <title>timelineoptinpro - XSS Vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20620</url>
       </references>
@@ -5921,7 +5925,7 @@
 
   <plugin name="kioskprox">
     <vulnerability>
-      <title>kioskprox XSS Vulnerability</title>
+      <title>kioskprox - XSS Vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20624</url>
       </references>
@@ -5931,7 +5935,7 @@
 
   <plugin name="bigcontact">
     <vulnerability>
-      <title>bigcontact SQLI</title>
+      <title>bigcontact - SQLI</title>
       <references>
         <url>http://plugins.trac.wordpress.org/changeset/689798</url>
       </references>
@@ -5942,7 +5946,7 @@
 
   <plugin name="drawblog">
     <vulnerability>
-      <title>drawblog CSRF</title>
+      <title>drawblog - CSRF</title>
       <references>
         <url>http://plugins.trac.wordpress.org/changeset/691178</url>
       </references>
@@ -5953,7 +5957,7 @@
 
   <plugin name="social-media-widget">
     <vulnerability>
-      <title>social-media-widget malicious code</title>
+      <title>social-media-widget - malicious code</title>
       <references>
         <url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</url>
         <url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
@@ -5966,7 +5970,7 @@
 
   <plugin name="facebook-members">
     <vulnerability>
-      <title>facebook-members CSRF</title>
+      <title>facebook-members - CSRF</title>
       <references>
         <secunia>52962</secunia>
         <cve>2013-2703</cve>
@@ -5978,7 +5982,7 @@
 
   <plugin name="foursquare-checkins">
     <vulnerability>
-      <title>foursquare-checkins CSRF</title>
+      <title>foursquare-checkins - CSRF</title>
       <references>
         <secunia>53151</secunia>
         <cve>2013-2709</cve>
@@ -5990,7 +5994,7 @@
 
   <plugin name="formidable">
     <vulnerability>
-      <title>formidable Pro Unspecified Vulnerabilities</title>
+      <title>formidable Pro - Unspecified Vulnerabilities</title>
       <references>
         <secunia>53121</secunia>
       </references>
@@ -6001,7 +6005,7 @@
 
   <plugin name="all-in-one-webmaster">
     <vulnerability>
-      <title>all-in-one-webmaster CSRF</title>
+      <title>all-in-one-webmaster - CSRF</title>
       <references>
         <secunia>52877</secunia>
         <cve>2013-2696</cve>
@@ -6043,7 +6047,7 @@
 
   <plugin name="syntaxhighlighter">
     <vulnerability>
-      <title>syntaxhighlighter clipboard.swf XSS</title>
+      <title>syntaxhighlighter - clipboard.swf XSS</title>
       <references>
         <secunia>53235</secunia>
       </references>
@@ -6065,7 +6069,7 @@
 
   <plugin name="easy-adsense-lite">
     <vulnerability>
-      <title>easy-adsense-lite CSRF</title>
+      <title>easy-adsense-lite - CSRF</title>
       <references>
         <secunia>52953</secunia>
         <cve>2013-2702</cve>
@@ -6086,7 +6090,7 @@
       <type>XSS</type>
     </vulnerability>
     <vulnerability>
-      <title>uk-cookie CSRF</title>
+      <title>uk-cookie - CSRF</title>
       <references>
         <url>http://www.openwall.com/lists/oss-security/2013/06/06/10</url>
         <osvdb>94032</osvdb>
@@ -6098,7 +6102,7 @@
 
   <plugin name="wp-cleanfix">
     <vulnerability>
-      <title>wp-cleanfix Remote Command Execution, CSRF and XSS</title>
+      <title>wp-cleanfix - Remote Command Execution, CSRF and XSS</title>
       <references>
         <url>https://github.com/wpscanteam/wpscan/issues/186</url>
         <url>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</url>