From fbf2d827c29e195eba5c614f2e13459dcab4959d Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sat, 16 Nov 2013 19:33:46 +0100
Subject: [PATCH] Update theme_vulns.xml

---
 data/theme_vulns.xml | 56 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 54 insertions(+), 2 deletions(-)

diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 16feb4c9..12ca9d64 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1535,12 +1535,64 @@
       <type>RCE</type>
     </vulnerability>
     <vulnerability>
-      <title>Multiple vulnerabilities in Flash News theme for WordPress</title>
+      <title>Flash News - thumb.php src Parameter XSS</title>
       <references>
+        <osvdb>89887</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
         <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
         <url>http://cxsecurity.com/issue/WLB-2013020010</url>
       </references>
-      <type>MULTI</type>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Flash News - Multiple Script Path Disclosure</title>
+      <references>
+        <osvdb>89888</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
+        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
+      </references>
+      <type>FPD</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Flash News - includes/test.php a Parameter XSS</title>
+      <references>
+        <osvdb>89889</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
+        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Flash News - includes/test.php Direct Request Information Disclosure</title>
+      <references>
+        <osvdb>89890</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
+        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Flash News - thumb.php src Parameter File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>89891</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
+        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Flash News - thumb.php src Parameter Remote DoS</title>
+      <references>
+        <osvdb>89892</osvdb>
+        <url>http://packetstormsecurity.com/files/120037/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
+        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
+      </references>
+      <type>UNKNOWN</type>
     </vulnerability>
   </theme>