garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update plugin_vulns.xml

Browse Source
This commit is contained in:
Peter van der Laan
2013-10-11 16:16:52 +02:00
parent 1cf9983ce7
commit ff9dd1c69d
1 changed files with 58 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
data/plugin_vulns.xml
View File

@@ -204,7 +204,7 @@
<plugin name="wp125">
<vulnerability>
<title>WP125 Multiple - XSS</title>
<title>WP125 - Multiple XSS</title>
<references>
<secunia>50976</secunia>
</references>
@@ -253,7 +253,7 @@
<plugin name="floating-social-media-links">
<vulnerability>
<title>Floating Social Media Links Remote File Inclusion</title>
<title>Floating Social Media Links - Remote File Inclusion</title>
<references>
<secunia>51346</secunia>
<url>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/</url>
@@ -264,7 +264,7 @@
<plugin name="zingiri-forum">
<vulnerability>
<title>Zingiri Forum Arbitrary File Disclosure</title>
<title>Zingiri Forum - Arbitrary File Disclosure</title>
<references>
<secunia>50833</secunia>
<url>http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/</url>
@@ -293,7 +293,7 @@
<plugin name="extended-user-profile">
<vulnerability>
<title>extended-user-profile Full Path Disclosure vulnerability</title>
<title>extended-user-profile - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20118</url>
</references>
@@ -303,7 +303,7 @@
<plugin name="superslider-show">
<vulnerability>
<title>superslider-show Full Path Disclosure vulnerability</title>
<title>superslider-show - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20117</url>
</references>
@@ -323,7 +323,7 @@
<plugin name="contest/OpenInviter">
<vulnerability>
<title>OpenInviter Information Disclosure</title>
<title>OpenInviter - Information Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/119265/</url>
</references>
@@ -333,7 +333,7 @@
<plugin name="wp_rokbox">
<vulnerability>
<title>RokBox Multiple Vulnerabilities</title>
<title>RokBox - Multiple Vulnerabilities</title>
<references>
<url>http://1337day.com/exploit/19981</url>
</references>
@@ -395,7 +395,7 @@
<plugin name="grou-random-image-widget">
<vulnerability>
<title>grou-random-image-widget Full Path Disclosure</title>
<title>grou-random-image-widget - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20047</url>
</references>
@@ -405,14 +405,14 @@
<plugin name="sintic_gallery">
<vulnerability>
<title>sintic_gallery Arbitrary File Upload Vulnerability</title>
<title>sintic_gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19993</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>sintic_gallery Path Disclosure Vulnerability</title>
<title>sintic_gallery - Path Disclosure Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20020</url>
</references>
@@ -422,7 +422,7 @@
<plugin name="wp-useronline">
<vulnerability>
<title>WP-UserOnline Full Path Disclosure</title>
<title>WP-UserOnline - Full Path Disclosure</title>
<references>
<url>http://seclists.org/fulldisclosure/2010/Jul/8</url>
</references>
@@ -439,7 +439,7 @@
<plugin name="levelfourstorefront">
<vulnerability>
<title>Shopping Cart Shell Upload / SQL Injection</title>
<title>Shopping Cart - Shell Upload, SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/119217/</url>
<secunia>51690</secunia>
@@ -502,7 +502,7 @@
<plugin name="sitepress-multilingual-cms">
<vulnerability>
<title>sitepress-multilingual-cms Full Path Disclosure</title>
<title>sitepress-multilingual-cms - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20067</url>
</references>
@@ -649,7 +649,7 @@
<plugin name="power-zoomer">
<vulnerability>
<title>powerzoomer Arbitrary File Upload Vulnerability</title>
<title>powerzoomer - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20253</url>
</references>
@@ -727,7 +727,7 @@
<plugin name="wp-3dflick-slideshow">
<vulnerability>
<title>wp-3dflick-slideshow Arbitrary File Upload Vulnerability</title>
<title>wp-3dflick-slideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20255</url>
</references>
@@ -813,7 +813,7 @@
<plugin name="wp-homepage-slideshow">
<vulnerability>
<title>wp-homepage-slideshow Arbitrary File Upload Vulnerability</title>
<title>wp-homepage-slideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20260</url>
</references>
@@ -830,7 +830,7 @@
<plugin name="wp-image-news-slider">
<vulnerability>
<title>wp-image-news-slider Arbitrary File Upload Vulnerability</title>
<title>wp-image-news-slider - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20259</url>
</references>
@@ -855,7 +855,7 @@
<plugin name="wp-levoslideshow">
<vulnerability>
<title>wp-levoslideshow Arbitrary File Upload Vulnerability</title>
<title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20250</url>
</references>
@@ -882,7 +882,7 @@
<plugin name="wp-powerplaygallery">
<vulnerability>
<title>wp-powerplaygallery Arbitrary File Upload Vulnerability</title>
<title>wp-powerplaygallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20252</url>
</references>
@@ -899,7 +899,7 @@
<plugin name="wp-royal-gallery">
<vulnerability>
<title>wp-royal-gallery Arbitrary File Upload Vulnerability</title>
<title>wp-royal-gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20261</url>
</references>
@@ -923,7 +923,7 @@
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp superb Slideshow Full Path Disclosure</title>
<title>wp superb Slideshow - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/19979</url>
</references>
@@ -953,7 +953,7 @@
<plugin name="cardoza-ajax-search">
<vulnerability>
<title>Ajax Post Search Sql Injection</title>
<title>Ajax - Post Search Sql Injection</title>
<references>
<url>http://seclists.org/bugtraq/2012/Nov/33</url>
<secunia>51205</secunia>
@@ -977,7 +977,7 @@
<plugin name="catalog">
<vulnerability>
<title>Catalog HTML Code Injection and Cross-site scripting</title>
<title>Catalog - HTML Code Injection and Cross-site scripting</title>
<references>
<url>http://packetstormsecurity.com/files/117820/</url>
<secunia>51143</secunia>
@@ -1021,7 +1021,7 @@
<plugin name="slideshow-jquery-image-gallery">
<vulnerability>
<title>Slideshow jQuery Image Gallery Multiple Vulnerabilities</title>
<title>Slideshow jQuery Image Gallery - Multiple Vulnerabilities</title>
<references>
<url>http://www.waraxe.us/advisory-92.html</url>
</references>
@@ -1038,7 +1038,7 @@
<plugin name="social-discussions">
<vulnerability>
<title>Social Discussions Multiple Vulnerabilities</title>
<title>Social Discussions - Multiple Vulnerabilities</title>
<references>
<url>http://www.waraxe.us/advisory-93.html</url>
</references>
@@ -1048,7 +1048,7 @@
<plugin name="abtest">
<vulnerability>
<title>ABtest Directory Traversal</title>
<title>ABtest - Directory Traversal</title>
<references>
<url>
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
@@ -1073,7 +1073,7 @@
<plugin name="nextgen_cu3er_gallery">
<vulnerability>
<title>NextGen Cu3er Gallery Information Disclosure</title>
<title>NextGen Cu3er Gallery - Information Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/116150/</url>
</references>
@@ -1083,7 +1083,7 @@
<plugin name="rich-widget">
<vulnerability>
<title>Rich Widget File Upload</title>
<title>Rich Widget - File Upload</title>
<references>
<url>http://packetstormsecurity.com/files/115787/</url>
</references>
@@ -1093,7 +1093,7 @@
<plugin name="monsters-editor-10-for-wp-super-edit">
<vulnerability>
<title>Monsters Editor Shell Upload</title>
<title>Monsters Editor - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/115788/</url>
</references>
@@ -1145,7 +1145,7 @@
<plugin name="rsvpmaker">
<vulnerability>
<title>RSVPMaker v2.5.4 - Persistent XSS</title>
<title>RSVPMaker 2.5.4 - Persistent XSS</title>
<references>
<exploitdb>20474</exploitdb>
<secunia>50289</secunia>
@@ -1167,7 +1167,7 @@
<plugin name="resume-submissions-job-postings">
<vulnerability>
<title>Resume Submissions Job Posting v2.5.1 - Unrestricted File Upload</title>
<title>Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload</title>
<references>
<url>http://packetstormsecurity.com/files/114716/</url>
</references>
@@ -1177,7 +1177,7 @@
<plugin name="wp-predict">
<vulnerability>
<title>WP-Predict v1.0 - Blind SQL Injection</title>
<title>WP-Predict 1.0 - Blind SQL Injection</title>
<references>
<exploitdb>19715</exploitdb>
@@ -1200,7 +1200,7 @@
<plugin name="moodthingy-mood-rating-widget">
<vulnerability>
<title>MoodThingy Widget v0.8.7 - Blind SQL Injection</title>
<title>MoodThingy Widget 0.8.7 - Blind SQL Injection</title>
<references>
<exploitdb>19572</exploitdb>
</references>
@@ -1210,7 +1210,7 @@
<plugin name="paid-business-listings">
<vulnerability>
<title>Paid Business Listings v1.0.2 - Blind SQL Injection</title>
<title>Paid Business Listings 1.0.2 - Blind SQL Injection</title>
<references>
<exploitdb>19481</exploitdb>
</references>
@@ -1297,7 +1297,7 @@
<plugin name="auctionplugin">
<vulnerability>
<title>Auctions - 2.0.1.3 - Arbitrary
<title>Auctions 2.0.1.3 - Arbitrary
File Upload Vulnerability
</title>
<references>
@@ -1359,9 +1359,7 @@
<plugin name="contus-video-galleryversion-10">
<vulnerability>
<title>Contus Video Gallery 1.3 - Arbitrary
File Upload Vulnerability
</title>
<title>Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/113571/</url>
</references>
@@ -1485,7 +1483,7 @@
<plugin name="custom-content-type-manager">
<vulnerability>
<title>Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability</title>
<title>Custom Content Type Manager 0.9.5.13pl - Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19058</exploitdb>
</references>
@@ -1522,7 +1520,7 @@
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Front End Upload v0.5.4 - Arbitrary PHP File Upload</title>
<title>Front End Upload 0.5.4 - Arbitrary PHP File Upload</title>
<references>
<exploitdb>20083</exploitdb>
</references>
@@ -1659,14 +1657,14 @@
<plugin name="store-locator-le">
<vulnerability>
<title>Google Maps via Store Locator Multiple Vulnerabilities</title>
<title>Google Maps via Store Locator - Multiple Vulnerabilities</title>
<references>
<exploitdb>18989</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>store-locator-le SQL Injection</title>
<title>store-locator-le - SQL Injection</title>
<references>
<secunia>51757</secunia>
</references>
@@ -1698,7 +1696,7 @@
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>FoxyPress 0.4.2.5 - XSS / CSRF / SQL Injection</title>
<title>FoxyPress 0.4.2.5 - XSS, CSRF, SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/117768/</url>
<secunia>51109</secunia>
@@ -2197,7 +2195,7 @@
<plugin name="cms-tree-page-view">
<vulnerability>
<title>XSS vulnerability in CMS Tree Page View Plugin</title>
<title>CMS Tree Page View - XSS vulnerability</title>
<references>
<url>https://www.htbridge.com/advisory/HTB23083</url>
</references>
@@ -2483,7 +2481,7 @@
<plugin name="clickdesk-live-support-chat">
<vulnerability>
<title>Click Desk Live Support Chat Cross Site Scripting Vulnerability</title>
<title>Click Desk Live Support Chat - Cross Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/148</url>
</references>
@@ -2609,7 +2607,7 @@
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Symposium &quot;u&quot; XSS</title>
<title>WP Symposium - &quot;u&quot; XSS</title>
<references>
<secunia>52864</secunia>
</references>
@@ -2617,7 +2615,7 @@
<fixed_in>13.04</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &quot;u&quot; Redirection Weakness</title>
<title>WP Symposium - &quot;u&quot; Redirection Weakness</title>
<references>
<secunia>52925</secunia>
</references>
@@ -2647,7 +2645,7 @@
<plugin name="beer-recipes">
<vulnerability>
<title>Beer Recipes v.1.0 - XSS</title>
<title>Beer Recipes 1.0 - XSS</title>
<references>
<exploitdb>17453</exploitdb>
</references>
@@ -2667,7 +2665,7 @@
<plugin name="editormonkey">
<vulnerability>
<title>EditorMonkey (FCKeditor) Arbitrary File Upload</title>
<title>EditorMonkey - (FCKeditor) Arbitrary File Upload</title>
<references>
<exploitdb>17284</exploitdb>
</references>
@@ -2888,7 +2886,7 @@
<plugin name="user-photo">
<vulnerability>
<title>User Photo Component Remote File Upload Vulnerability</title>
<title>User Photo - Component Remote File Upload Vulnerability</title>
<references>
<exploitdb>16181</exploitdb>
<osvdb>71071</osvdb>
@@ -2900,7 +2898,7 @@
<plugin name="enable-media-replace">
<vulnerability>
<title>Enable Media Replace Multiple Vulnerabilities</title>
<title>Enable Media Replace - Multiple Vulnerabilities</title>
<references>
<exploitdb>16144</exploitdb>
</references>
@@ -2967,7 +2965,7 @@
<plugin name="events-manager-extended">
<vulnerability>
<title>Events Manager Extended Persistent XSS Vulnerability</title>
<title>Events Manager Extended - Persistent XSS Vulnerability</title>
<references>
<exploitdb>14923</exploitdb>
</references>
@@ -2994,7 +2992,7 @@
<plugin name="mylinksdump">
<vulnerability>
<title>myLDlinker SQL Injection Vulnerability</title>
<title>myLDlinker - SQL Injection Vulnerability</title>
<references>
<exploitdb>14441</exploitdb>
</references>
@@ -3004,7 +3002,7 @@
<plugin name="firestats">
<vulnerability>
<title>Firestats Remote Configuration File Download</title>
<title>Firestats - Remote Configuration File Download</title>
<references>
<exploitdb>14308</exploitdb>
</references>
@@ -3014,7 +3012,7 @@
<plugin name="simple-press">
<vulnerability>
<title>Simple:Press SQL Injection Vulnerability</title>
<title>Simple Press - SQL Injection Vulnerability</title>
<references>
<exploitdb>14198</exploitdb>
</references>
@@ -3043,7 +3041,7 @@
<fixed_in>1.9.8</fixed_in>
</vulnerability>
<vulnerability>
<title>XSS in NextGEN Gallery &lt;= 1.5.1</title>
<title>NextGEN Gallery &lt;= 1.5.1 - XSS Vulnerability</title>
<references>
<exploitdb>12098</exploitdb>
</references>
@@ -3071,7 +3069,7 @@
<plugin name="cpl">
<vulnerability>
<title>Copperleaf Photolog SQL injection</title>
<title>Copperleaf Photolog - SQL injection</title>
<references>
<exploitdb>11458</exploitdb>
</references>
@@ -3081,7 +3079,7 @@
<plugin name="events-calendar">
<vulnerability>
<title>Events SQL Injection Vulnerability</title>
<title>Events Calendar - SQL Injection Vulnerability</title>
<references>
<exploitdb>10929</exploitdb>
<osvdb>95677</osvdb>
@@ -3090,7 +3088,7 @@
<fixed_in>6.7.10</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Events Calendar wp-admin/admin.php EC_id Parameter XSS</title>
<title>Events Calendar - wp-admin/admin.php EC_id Parameter XSS</title>
<references>
<osvdb>74705</osvdb>
</references>
@@ -3118,7 +3116,7 @@
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WP-Cumulus Cross Site Scripting Vulnerabily</title>
<title>WP-Cumulus - Cross Site Scripting Vulnerabily</title>
<references>
<url>http://seclists.org/fulldisclosure/2011/Nov/340</url>
</references>