Update vuln db

Peter
2014-03-29 21:53:03 +01:00
parent 10fee6e144
commit f01b0b3404
2 changed files with 114 additions and 2 deletions


@@ -11814,13 +11814,122 @@
<plugin name="wp-html-sitemap"> <plugin name="wp-html-sitemap">
<vulnerability> <vulnerability>
<title>CSRF vulnerability in WP HTML Sitemap 1.2</title> <title>WP HTML Sitemap 1.2 - wp-html-sitemap.html Sitemap Deletion CSRF</title>
<references> <references>
<osvdb>105084</osvdb>
<url>http://seclists.org/fulldisclosure/2014/Mar/400</url>
<url>https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/</url> <url>https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/</url>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
</vulnerability> </vulnerability>
</plugin> </plugin>
<plugin name="groups">
<vulnerability>
<title>Groups 1.4.5 - Negated Role Capability Handling Elevated Privilege Issue</title>
<references>
<osvdb>104940</osvdb>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.4.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="html5-jquery-audio-player">
<vulnerability>
<title>HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php Multiple Parameter Stored XSS Weakness</title>
<references>
<osvdb>104951</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.4</fixed_in>
</vulnerability>
<vulnerability>
<title>HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php id Parameter SQL Injection</title>
<references>
<osvdb>104952</osvdb>
</references>
<type>SQLI</type>
<fixed_in>2.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="shrimptest">
<vulnerability>
<title>ShrimpTest 1.0b2 - plugins/metric-conversion.php Multiple Unspecified XSS</title>
<references>
<osvdb>104956</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0b3</fixed_in>
</vulnerability>
<vulnerability>
<title>ShrimpTest 1.0b2 - plugins/plugin-notification.php Unspecified XSS</title>
<references>
<osvdb>104957</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0b3</fixed_in>
</vulnerability>
<vulnerability>
<title>ShrimpTest 1.0b2 - plugins/variant-shortcode.php Unspecified XSS</title>
<references>
<osvdb>104958</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0b3</fixed_in>
</vulnerability>
<vulnerability>
<title>ShrimpTest 1.0b2 - admin/experiments.php Multiple Unspecified XSS</title>
<references>
<osvdb>104959</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0b3</fixed_in>
</vulnerability>
<vulnerability>
<title>ShrimpTest 1.0b2 - admin/experiment-new.php Multiple Unspecified XSS</title>
<references>
<osvdb>104960</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0b3</fixed_in>
</vulnerability>
</plugin>
<plugin name="activehelper-livehelp">
<vulnerability>
<title>ActiveHelper LiveHelp Server 3.2.2 - server/import/status.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>104990</osvdb>
</references>
<type>SQLI</type>
<fixed_in>3.4.0</fixed_in>
</vulnerability>
<vulnerability>
<title>ActiveHelper LiveHelp Server 3.2.2 - server/import/tracker.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>104991</osvdb>
</references>
<type>SQLI</type>
<fixed_in>3.4.0</fixed_in>
</vulnerability>
<vulnerability>
<title>ActiveHelper LiveHelp Server 3.2.2 - server/import/javascript.php Multiple Vector SQL Injection</title>
<references>
<osvdb>104992</osvdb>
</references>
<type>SQLI</type>
<fixed_in>3.4.0</fixed_in>
</vulnerability>
<vulnerability>
<title>ActiveHelper LiveHelp Server 3.2.2 - server/frames.php DEPARTMENT Parameter SQL Injection</title>
<references>
<osvdb>104993</osvdb>
</references>
<type>SQLI</type>
<fixed_in>3.4.0</fixed_in>
</vulnerability>
</plugin>
</vulnerabilities> </vulnerabilities>
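Review bot: Every plugin entry added here from `groups` through `activehelper-livehelp` has a single `<osvdb>` id as its only reference, so whoever reads a scan result has no vendor changelog or advisory to check the `<fixed_in>` value against. Where such a source exists, add a `<url>` element beside the `<osvdb>` one, as the `wp-html-sitemap` entry does with its seclists and dxw links. This matters most for the ActiveHelper LiveHelp entries, whose titles name 3.2.2 while `<fixed_in>` says 3.4.0, a gap the diff does not explain. The `wp-html-sitemap` entry still has no `<fixed_in>`; confirm that this is because no fixed release exists, since consumers presumably read a missing `<fixed_in>` as every version being affected.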


@@ -1658,6 +1658,7 @@
<vulnerability> <vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title> <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references> <references>
<osvdb>104693</osvdb>
<cve>2010-5293</cve> <cve>2010-5293</cve>
</references> </references>
<type>UNKNOWN</type> <type>UNKNOWN</type>
@@ -1792,10 +1793,11 @@
<vulnerability> <vulnerability>
<title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title> <title>When a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.</title>
<references> <references>
<osvdb>104691</osvdb>
<cve>2010-5297</cve> <cve>2010-5297</cve>
</references> </references>
<type>AUTHBYPASS</type> <type>AUTHBYPASS</type>
<fixed_in>3.0</fixed_in> <fixed_in>3.0.1</fixed_in>
</vulnerability> </vulnerability>
<vulnerability> <vulnerability>
<title>Crafted String URL Redirect Restriction Bypass</title> <title>Crafted String URL Redirect Restriction Bypass</title>
@@ -1838,6 +1840,7 @@
<vulnerability> <vulnerability>
<title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title> <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
<references> <references>
<osvdb>104693</osvdb>
<cve>2010-5293</cve> <cve>2010-5293</cve>
</references> </references>
<type>UNKNOWN</type> <type>UNKNOWN</type>
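Review bot: The `<fixed_in>` correction from 3.0 to 3.0.1 for CVE-2010-5297 (hunk at -1792) is made in one place only. The CVE-2010-5293 entry appears twice in this file (hunks at -1658 and -1838), which suggests entries are repeated per WordPress version. If the CVE-2010-5297 entry is repeated the same way, any copy still carrying `<fixed_in>3.0</fixed_in>` would point users at an upgrade target that is still affected, so search the file for `2010-5297` and align every copy. The enclosing version elements start and end outside the hunks, so this cannot be confirmed from the diff alone.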