From e0ebd4773005a17070c38df8a5e532571dbc2c12 Mon Sep 17 00:00:00 2001
From: Peter <vanderlaan.pm@gmail.com>
Date: Sun, 18 May 2014 00:31:25 +0200
Subject: [PATCH] Update vuln db

---
 data/plugin_vulns.xml | 33 +++++++++++++++++++++++++++++++++
 data/theme_vulns.xml  |  9 +++++++++
 2 files changed, 42 insertions(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 1f7db67b..179f77cc 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -8090,6 +8090,15 @@
   </plugin>
 
   <plugin name="formidable">
+    <vulnerability>
+      <title>Formidable Forms 1.06.03 - ofc_upload_image.php Shell Upload Remote Code Execution</title>
+      <references>
+        <osvdb>106985</osvdb>
+        <url>http://www.securityfocus.com/bid/67390</url>
+        <url>http://packetstormsecurity.com/files/126583/</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
     <vulnerability>
       <title>formidable Pro - Unspecified Vulnerabilities</title>
       <references>
@@ -12637,4 +12646,28 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="bonuspressx">
+    <vulnerability>
+     <title>Bonuspressx - ar_submit.php n Parameter XSS</title>
+      <references>
+        <osvdb>106931</osvdb>
+        <url>http://packetstormsecurity.com/files/126595/</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="profile-builder">
+    <vulnerability>
+     <title>Profile Builder 1.1.59 - front-end/wppb.recover.password.php Password Recovery Bypass</title>
+      <references>
+        <osvdb>106986</osvdb>
+        <secunia>58511</secunia>
+        <url>http://www.securityfocus.com/bid/67331</url>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>1.1.60</fixed_in>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index f426a3d0..1bfbd369 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -2792,6 +2792,15 @@
   </theme>
 
   <theme name="echelon">
+    <vulnerability>
+      <title>Echelon - media-upload.php Remote File Upload</title>
+      <references>
+        <osvdb>106929</osvdb>
+        <url>http://www.securityfocus.com/bid/67080</url>
+        <url>http://packetstormsecurity.com/files/126327/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
     <vulnerability>
       <title>Echelon 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
       <references>