From ff9dd1c69d0ae1cc1b86ff9e75748c9691c3c51e Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 11 Oct 2013 16:16:52 +0200 Subject: [PATCH] Update plugin_vulns.xml --- data/plugin_vulns.xml | 118 +++++++++++++++++++++--------------------- 1 file changed, 58 insertions(+), 60 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 0d15a856..a247733f 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -204,7 +204,7 @@ - WP125 Multiple - XSS + WP125 - Multiple XSS 50976 @@ -253,7 +253,7 @@ - Floating Social Media Links Remote File Inclusion + Floating Social Media Links - Remote File Inclusion 51346 http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/ @@ -264,7 +264,7 @@ - Zingiri Forum Arbitrary File Disclosure + Zingiri Forum - Arbitrary File Disclosure 50833 http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/ @@ -293,7 +293,7 @@ - extended-user-profile Full Path Disclosure vulnerability + extended-user-profile - Full Path Disclosure vulnerability http://1337day.com/exploit/20118 @@ -303,7 +303,7 @@ - superslider-show Full Path Disclosure vulnerability + superslider-show - Full Path Disclosure vulnerability http://1337day.com/exploit/20117 @@ -323,7 +323,7 @@ - OpenInviter Information Disclosure + OpenInviter - Information Disclosure http://packetstormsecurity.com/files/119265/ @@ -333,7 +333,7 @@ - RokBox Multiple Vulnerabilities + RokBox - Multiple Vulnerabilities http://1337day.com/exploit/19981 @@ -395,7 +395,7 @@ - grou-random-image-widget Full Path Disclosure + grou-random-image-widget - Full Path Disclosure http://1337day.com/exploit/20047 @@ -405,14 +405,14 @@ - sintic_gallery Arbitrary File Upload Vulnerability + sintic_gallery - Arbitrary File Upload Vulnerability http://1337day.com/exploit/19993 UPLOAD - sintic_gallery Path Disclosure Vulnerability + sintic_gallery - Path Disclosure Vulnerability http://1337day.com/exploit/20020 
@@ -422,7 +422,7 @@ - WP-UserOnline Full Path Disclosure + WP-UserOnline - Full Path Disclosure http://seclists.org/fulldisclosure/2010/Jul/8 @@ -439,7 +439,7 @@ - Shopping Cart Shell Upload / SQL Injection + Shopping Cart - Shell Upload, SQL Injection http://packetstormsecurity.com/files/119217/ 51690 @@ -502,7 +502,7 @@ - sitepress-multilingual-cms Full Path Disclosure + sitepress-multilingual-cms - Full Path Disclosure http://1337day.com/exploit/20067 @@ -649,7 +649,7 @@ - powerzoomer Arbitrary File Upload Vulnerability + powerzoomer - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20253 @@ -727,7 +727,7 @@ - wp-3dflick-slideshow Arbitrary File Upload Vulnerability + wp-3dflick-slideshow - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20255 @@ -813,7 +813,7 @@ - wp-homepage-slideshow Arbitrary File Upload Vulnerability + wp-homepage-slideshow - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20260 @@ -830,7 +830,7 @@ - wp-image-news-slider Arbitrary File Upload Vulnerability + wp-image-news-slider - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20259 @@ -855,7 +855,7 @@ - wp-levoslideshow Arbitrary File Upload Vulnerability + wp-levoslideshow - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20250 @@ -882,7 +882,7 @@ - wp-powerplaygallery Arbitrary File Upload Vulnerability + wp-powerplaygallery - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20252 @@ -899,7 +899,7 @@ - wp-royal-gallery Arbitrary File Upload Vulnerability + wp-royal-gallery - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20261 @@ -923,7 +923,7 @@ XSS - wp superb Slideshow Full Path Disclosure + wp superb Slideshow - Full Path Disclosure http://1337day.com/exploit/19979 @@ -953,7 +953,7 @@ - Ajax Post Search Sql Injection + Ajax - Post Search Sql Injection http://seclists.org/bugtraq/2012/Nov/33 51205 
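Review bot: In the hunk at -953 the new title `Ajax - Post Search Sql Injection` puts the separator inside what appears to be the plugin name, so the entry reads as a plugin called "Ajax" with a "Post Search Sql Injection" issue. The rest of the patch follows `Plugin Name - Vulnerability`, so this should presumably be `Ajax Post Search - SQL Injection`. The separator also looks misplaced in the later `EditorMonkey - (FCKeditor) Arbitrary File Upload` and `User Photo - Component Remote File Upload Vulnerability` titles. These titles are what a scan report shows the operator, so a truncated product name makes a finding harder to match to the installed plugin.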
@@ -977,7 +977,7 @@ - Catalog HTML Code Injection and Cross-site scripting + Catalog - HTML Code Injection and Cross-site scripting http://packetstormsecurity.com/files/117820/ 51143 @@ -1021,7 +1021,7 @@ - Slideshow jQuery Image Gallery Multiple Vulnerabilities + Slideshow jQuery Image Gallery - Multiple Vulnerabilities http://www.waraxe.us/advisory-92.html @@ -1038,7 +1038,7 @@ - Social Discussions Multiple Vulnerabilities + Social Discussions - Multiple Vulnerabilities http://www.waraxe.us/advisory-93.html @@ -1048,7 +1048,7 @@ - ABtest Directory Traversal + ABtest - Directory Traversal http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110 @@ -1073,7 +1073,7 @@ - NextGen Cu3er Gallery Information Disclosure + NextGen Cu3er Gallery - Information Disclosure http://packetstormsecurity.com/files/116150/ @@ -1083,7 +1083,7 @@ - Rich Widget File Upload + Rich Widget - File Upload http://packetstormsecurity.com/files/115787/ @@ -1093,7 +1093,7 @@ - Monsters Editor Shell Upload + Monsters Editor - Shell Upload http://packetstormsecurity.com/files/115788/ @@ -1145,7 +1145,7 @@ - RSVPMaker v2.5.4 - Persistent XSS + RSVPMaker 2.5.4 - Persistent XSS 20474 50289 @@ -1167,7 +1167,7 @@ - Resume Submissions Job Posting v2.5.1 - Unrestricted File Upload + Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload http://packetstormsecurity.com/files/114716/ @@ -1177,7 +1177,7 @@ - WP-Predict v1.0 - Blind SQL Injection + WP-Predict 1.0 - Blind SQL Injection 19715 @@ -1200,7 +1200,7 @@ - MoodThingy Widget v0.8.7 - Blind SQL Injection + MoodThingy Widget 0.8.7 - Blind SQL Injection 19572 @@ -1210,7 +1210,7 @@ - Paid Business Listings v1.0.2 - Blind SQL Injection + Paid Business Listings 1.0.2 - Blind SQL Injection 19481 @@ -1297,7 +1297,7 @@ - Auctions - 2.0.1.3 - Arbitrary + <title>Auctions 2.0.1.3 - Arbitrary File Upload Vulnerability 
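Review bot: The added line in the hunk at -1297 shows a literal `<title>` in front of `Auctions 2.0.1.3 - Arbitrary`, which no other added title on this page does. The surrounding markup is not visible here, but if this is a doubled or escaped opening tag, `data/plugin_vulns.xml` is either no longer well-formed at this entry or carries the tag text inside the title. The title also still wraps onto the following context line (`File Upload Vulnerability`), whereas the Contus Video Gallery hunk joins its title onto one line. Suggest a single line, `<title>Auctions 2.0.1.3 - Arbitrary File Upload Vulnerability</title>`. A well-formedness check on the data file before merging, e.g. `xmllint --noout data/plugin_vulns.xml`, would catch this kind of slip, which matters because a database that fails to load means vulnerabilities go unreported.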
@@ -1359,9 +1359,7 @@ - Contus Video Gallery 1.3 - Arbitrary - File Upload Vulnerability - + Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113571/ @@ -1485,7 +1483,7 @@ - Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability + Custom Content Type Manager 0.9.5.13pl - Arbitrary File Upload Vulnerability 19058 @@ -1522,7 +1520,7 @@ UPLOAD - Front End Upload v0.5.4 - Arbitrary PHP File Upload + Front End Upload 0.5.4 - Arbitrary PHP File Upload 20083 @@ -1659,14 +1657,14 @@ - Google Maps via Store Locator Multiple Vulnerabilities + Google Maps via Store Locator - Multiple Vulnerabilities 18989 MULTI - store-locator-le SQL Injection + store-locator-le - SQL Injection 51757 @@ -1698,7 +1696,7 @@ UPLOAD - FoxyPress 0.4.2.5 - XSS / CSRF / SQL Injection + FoxyPress 0.4.2.5 - XSS, CSRF, SQL Injection http://packetstormsecurity.com/files/117768/ 51109 @@ -2197,7 +2195,7 @@ - XSS vulnerability in CMS Tree Page View Plugin + CMS Tree Page View - XSS vulnerability https://www.htbridge.com/advisory/HTB23083 @@ -2483,7 +2481,7 @@ - Click Desk Live Support Chat Cross Site Scripting Vulnerability + Click Desk Live Support Chat - Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/148 @@ -2609,7 +2607,7 @@ SQLI - WP Symposium "u" XSS + WP Symposium - "u" XSS 52864 @@ -2617,7 +2615,7 @@ 13.04 - WP Symposium "u" Redirection Weakness + WP Symposium - "u" Redirection Weakness 52925 @@ -2647,7 +2645,7 @@ - Beer Recipes v.1.0 - XSS + Beer Recipes 1.0 - XSS 17453 @@ -2667,7 +2665,7 @@ - EditorMonkey (FCKeditor) Arbitrary File Upload + EditorMonkey - (FCKeditor) Arbitrary File Upload 17284 @@ -2888,7 +2886,7 @@ - User Photo Component Remote File Upload Vulnerability + User Photo - Component Remote File Upload Vulnerability 16181 71071 @@ -2900,7 +2898,7 @@ - Enable Media Replace Multiple Vulnerabilities + Enable Media Replace - Multiple Vulnerabilities 16144 
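Review bot: The Custom Content Type Manager hunk at -1485 rewrites the version from `0.9.5.13-pl` to `0.9.5.13pl` while adding the separator, which changes the identifier rather than only the formatting. If the upstream release string is `0.9.5.13-pl`, keep it as `Custom Content Type Manager 0.9.5.13-pl - Arbitrary File Upload Vulnerability`. Someone comparing the reported title with an installed version or with the referenced advisory may otherwise be looking for a version string that does not exist.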
@@ -2967,7 +2965,7 @@ - Events Manager Extended Persistent XSS Vulnerability + Events Manager Extended - Persistent XSS Vulnerability 14923 @@ -2994,7 +2992,7 @@ - myLDlinker SQL Injection Vulnerability + myLDlinker - SQL Injection Vulnerability 14441 @@ -3004,7 +3002,7 @@ - Firestats Remote Configuration File Download + Firestats - Remote Configuration File Download 14308 @@ -3014,7 +3012,7 @@ - Simple:Press SQL Injection Vulnerability + Simple Press - SQL Injection Vulnerability 14198 @@ -3043,7 +3041,7 @@ 1.9.8 - XSS in NextGEN Gallery <= 1.5.1 + NextGEN Gallery <= 1.5.1 - XSS Vulnerability 12098 @@ -3071,7 +3069,7 @@ - Copperleaf Photolog SQL injection + Copperleaf Photolog - SQL injection 11458 @@ -3081,7 +3079,7 @@ - Events SQL Injection Vulnerability + Events Calendar - SQL Injection Vulnerability 10929 95677 @@ -3090,7 +3088,7 @@ 6.7.10 - WP Events Calendar wp-admin/admin.php EC_id Parameter XSS + Events Calendar - wp-admin/admin.php EC_id Parameter XSS 74705 @@ -3118,7 +3116,7 @@ MULTI - WP-Cumulus Cross Site Scripting Vulnerabily + WP-Cumulus - Cross Site Scripting Vulnerabily http://seclists.org/fulldisclosure/2011/Nov/340