added some secunia advisories

2013-05-19 12:54:06 +02:00
parent 628c9a0f4f
commit ebfe2ef08d
1 changed files with 93 additions and 1 deletions
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -1451,6 +1451,12 @@
      <type>XSS</type>
      <fixed_in>3.0.4.1</fixed_in>
    </vulnerability>
+    <vulnerability>
+      <title>WordPress Login With Ajax Plugin Cross-Site Request Forgery Vulnerability</title>
+      <reference>http://secunia.com/advisories/52950/</reference>
+      <type>CSRF</type>
+      <fixed_in>3.1</fixed_in>
+    </vulnerability>
  </plugin>

  <plugin name="media-library-categories">
@@ -1924,6 +1930,12 @@
      <reference>http://packetstormsecurity.org/files/112704</reference>
      <type>XSS</type>
    </vulnerability>
+    <vulnerability>
+      <title>WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability</title>
+      <reference>http://secunia.com/advisories/53356/</reference>
+      <type>SQLI</type>
+      <fixed_in>2.56</fixed_in>
+    </vulnerability>
  </plugin>

  <plugin name="php_speedy_wp">
@@ -2392,6 +2404,12 @@
      <reference>http://www.exploit-db.com/exploits/4844/</reference>
      <type>UPLOAD</type>
    </vulnerability>
+    <vulnerability>
+      <title>WordPress wp-FileManager File Download Vulnerability</title>
+      <reference>http://secunia.com/advisories/53421/</reference>
+      <type>UNKNOWN</type>
+      <fixed_in>1.4.0</fixed_in>
+    </vulnerability>
  </plugin>

  <plugin name="pictpress">
@@ -3123,6 +3141,12 @@
      <type>XSS</type>
      <fixed_in>4.9.3</fixed_in>
    </vulnerability>
+    <vulnerability>
+      <title>WordPress WP Photo Album Plus Plugin "commentid" Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53105/</reference>
+      <type>XSS</type>
+      <fixed_in>5.0.3</fixed_in>
+    </vulnerability>
  </plugin>

  <plugin name="backwpup">
@@ -3381,6 +3405,12 @@
      <reference>http://secunia.com/advisories/50982/</reference>
      <type>XSS</type>
    </vulnerability>
+    <vulnerability>
+      <title>WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability</title>
+      <reference>http://secunia.com/advisories/53127/</reference>
+      <type>CSRF</type>
+      <fixed_in>1.63</fixed_in>
+    </vulnerability>
  </plugin>

  <plugin name="dx-contribute">
@@ -3769,6 +3799,13 @@
      <reference>http://www.1337day.com/exploit/20287</reference>
      <type>SQLI</type>
    </vulnerability>
+    <vulnerability>
+      <title>WordPress Newsletter Plugin "alert" Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53398/</reference>
+      <reference>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php</reference>
+      <type>XSS</type>
+      <fixed_in>3.2.7</fixed_in>
+    </vulnerability>
  </plugin>

  <plugin name="commentluv">
@@ -4415,7 +4452,8 @@

  <plugin name="mail-on-update">
    <vulnerability>
-      <title>CVE-2013-2107: mail-on-update plugin CSRF</title>
+      <title>mail-on-update plugin CSRF</title>
+      <reference>http://secunia.com/advisories/53449/</reference>
      <reference>http://www.openwall.com/lists/oss-security/2013/05/16/8</reference>
      <type>CSRF</type>
    </vulnerability>
@@ -4429,4 +4467,58 @@
    </vulnerability>
  </plugin>

+  <plugin name="related-posts-by-zemanta">
+    <vulnerability>
+      <title>WordPress Related Posts by Zemanta Plugin Cross-Site Request Forgery Vulnerability</title>
+      <reference>http://secunia.com/advisories/53321/</reference>
+      <type>CSRF</type>
+      <fixed_in>1.3.2</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="wordpress-23-related-posts-plugin">
+    <vulnerability>
+      <title>WordPress WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
+      <reference>http://secunia.com/advisories/53279/</reference>
+      <type>CSRF</type>
+      <fixed_in>2.6.2</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="related-posts">
+    <vulnerability>
+      <title>WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
+      <reference>http://secunia.com/advisories/53122/</reference>
+      <type>CSRF</type>
+      <fixed_in>2.7.2</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="wp-print-friendly">
+    <vulnerability>
+      <title>WordPress WP Print Friendly Plugin Security Bypass Vulnerability</title>
+      <reference>http://secunia.com/advisories/53371/</reference>
+      <type>UNKNOWN</type>
+      <fixed_in>0.5.3</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="contextual-related-posts">
+    <vulnerability>
+      <title>WordPress Contextual Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
+      <reference>http://secunia.com/advisories/52960/</reference>
+      <type>CSRF</type>
+      <fixed_in>1.8.7</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="calendar">
+    <vulnerability>
+      <title>WordPress Calendar Plugin Cross-Site Request Forgery Vulnerability</title>
+      <reference>http://secunia.com/advisories/52841/</reference>
+      <type>CSRF</type>
+      <fixed_in>1.3.3</fixed_in>
+    </vulnerability>
+  </plugin>
+  
 </vulnerabilities>