Update theme_vulns.xml

2013-11-16 19:33:46 +01:00
parent 72619df02c
commit fbf2d827c2
1 changed files with 54 additions and 2 deletions
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1535,12 +1535,64 @@
      <type>RCE</type>
    </vulnerability>
    <vulnerability>
-      <title>Multiple vulnerabilities in Flash News theme for WordPress</title>
+      <title>Flash News - thumb.php src Parameter XSS</title>
      <references>
+        <osvdb>89887</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
      </references>
-      <type>MULTI</type>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Flash News - Multiple Script Path Disclosure</title>
+      <references>
+        <osvdb>89888</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
+        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
+      </references>
+      <type>FPD</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Flash News - includes/test.php a Parameter XSS</title>
+      <references>
+        <osvdb>89889</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
+        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Flash News - includes/test.php Direct Request Information Disclosure</title>
+      <references>
+        <osvdb>89890</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
+        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Flash News - thumb.php src Parameter File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>89891</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
+        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Flash News - thumb.php src Parameter Remote DoS</title>
+      <references>
+        <osvdb>89892</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
+        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
+      </references>
+      <type>UNKNOWN</type>
    </vulnerability>
  </theme>