2971 lines
86 KiB
XML
2971 lines
86 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:noNamespaceSchemaLocation="vuln.xsd">
|
|
|
|
<theme name="crius">
|
|
<vulnerability>
|
|
<title>VideoJS Cross-Site Scripting Vulnerability</title>
|
|
<references>
|
|
<secunia>53427</secunia>
|
|
<url>http://seclists.org/fulldisclosure/2013/May/77</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="source">
|
|
<vulnerability>
|
|
<title>VideoJS Cross-Site Scripting Vulnerability</title>
|
|
<references>
|
|
<secunia>53457</secunia>
|
|
<url>http://seclists.org/fulldisclosure/2013/May/77</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="i-love-it">
|
|
<vulnerability>
|
|
<title>VideoJS Cross-Site Scripting Vulnerability</title>
|
|
<references>
|
|
<secunia>53548</secunia>
|
|
<url>http://seclists.org/fulldisclosure/2013/May/77</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="smartstart">
|
|
<vulnerability>
|
|
<title>VideoJS Cross-Site Scripting Vulnerability</title>
|
|
<references>
|
|
<secunia>53460</secunia>
|
|
<url>http://seclists.org/fulldisclosure/2013/May/77</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="covertvideopress">
|
|
<vulnerability>
|
|
<title>VideoJS Cross-Site Scripting Vulnerability</title>
|
|
<references>
|
|
<secunia>53494</secunia>
|
|
<url>http://seclists.org/fulldisclosure/2013/May/77</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="photolio">
|
|
<vulnerability>
|
|
<title>VideoJS Cross-Site Scripting Vulnerability</title>
|
|
<references>
|
|
<url>http://seclists.org/fulldisclosure/2013/May/77</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="onepagewebsite">
|
|
<vulnerability>
|
|
<title>onepagewebsite Full Path Disclosure vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20027</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="vithy">
|
|
<vulnerability>
|
|
<title>vithy - Full Path Disclosure vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20040</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>vithy - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/19830</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="appius">
|
|
<vulnerability>
|
|
<title>appius - Full Path Disclosure vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20039</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>appius - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/19831</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="yvora">
|
|
<vulnerability>
|
|
<title>yvora - Full Path Disclosure vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20038</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>yvora - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/19834</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="shotzz">
|
|
<vulnerability>
|
|
<title>Shotzz - Full Path Disclosure vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20041</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Shotzz - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/19829</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="dagda">
|
|
<vulnerability>
|
|
<title>dagda - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/19832</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="moneymasters">
|
|
<vulnerability>
|
|
<title>moneymasters - Full Path Disclosure vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20077</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>moneymasters - File Upload Vulnerability (metasploit)</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20076</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="ovum">
|
|
<vulnerability>
|
|
<title>XSS vulnerability in Imediapixel premium WordPress themes</title>
|
|
<references>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="avanix">
|
|
<vulnerability>
|
|
<title>XSS vulnerability in Imediapixel premium WordPress themes</title>
|
|
<references>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="ebiz">
|
|
<vulnerability>
|
|
<title>XSS vulnerability in Imediapixel premium WordPress themes</title>
|
|
<references>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="ecobiz">
|
|
<vulnerability>
|
|
<title>XSS vulnerability in Imediapixel premium WordPress themes</title>
|
|
<references>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="traject">
|
|
<vulnerability>
|
|
<title>XSS vulnerability in Parallelus premium WordPress themes</title>
|
|
<references>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="intersect">
|
|
<vulnerability>
|
|
<title>XSS vulnerability in Parallelus premium WordPress themes</title>
|
|
<references>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="salutation">
|
|
<vulnerability>
|
|
<title>XSS vulnerability in Parallelus premium WordPress themes</title>
|
|
<references>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="unite">
|
|
<vulnerability>
|
|
<title>XSS vulnerability in Parallelus premium WordPress themes</title>
|
|
<references>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="shapeless">
|
|
<vulnerability>
|
|
<title>Shapeless - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85919</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="brisk">
|
|
<vulnerability>
|
|
<title>Brisk - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85918</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="blaze">
|
|
<vulnerability>
|
|
<title>Blaze - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85917</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="eunice">
|
|
<vulnerability>
|
|
<title>Eunice - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85916</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="explicit">
|
|
<vulnerability>
|
|
<title>Explicit - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85915</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="essence">
|
|
<vulnerability>
|
|
<title>Essence - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85914</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="paramount">
|
|
<vulnerability>
|
|
<title>Paramount - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85913</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="picturefactory">
|
|
<vulnerability>
|
|
<title>PictureFactory - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85912</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="sparky">
|
|
<vulnerability>
|
|
<title>Sparky - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85911</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="theagency">
|
|
<vulnerability>
|
|
<title>TheAgency - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85910</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="konzept">
|
|
<vulnerability>
|
|
<title>Konzept - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85920</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="daisho">
|
|
<vulnerability>
|
|
<title>Daisho - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>85921</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="choices">
|
|
<vulnerability>
|
|
<title>Choices - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86755</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="brightbox">
|
|
<vulnerability>
|
|
<title>Brightbox - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86756</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="broadscope">
|
|
<vulnerability>
|
|
<title>Broadscope - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86757</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="corona">
|
|
<vulnerability>
|
|
<title>Corona - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86758</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="flashlight">
|
|
<vulnerability>
|
|
<title>Flashlight - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86759</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="coalition">
|
|
<vulnerability>
|
|
<title>Coalition - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86760</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="shoutbox">
|
|
<vulnerability>
|
|
<title>Shoutbox - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86761</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="velvet">
|
|
<vulnerability>
|
|
<title>Velvet - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86762</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="upscale">
|
|
<vulnerability>
|
|
<title>Upscale - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86763</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="expose">
|
|
<vulnerability>
|
|
<title>Expose - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86764</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="abundance">
|
|
<vulnerability>
|
|
<title>Abundance - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86765</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="eunoia">
|
|
<vulnerability>
|
|
<title>Eunoia - Unspecified XSS</title>
|
|
<references>
|
|
<osvdb>86766</osvdb>
|
|
<url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="wise">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="webfolio">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="colorbold">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="rockwell">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="xmas">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="designpile">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="alltuts">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="boldy">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="simplo">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="diary">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="journalcrunch">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="prosume">
|
|
<vulnerability>
|
|
<title>Site5 Wordpress Themes Email Spoofing</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/114750/</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="famous">
|
|
<vulnerability>
|
|
<title>Famous 2.0.5 - Shell Upload</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/113842/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="deep-blue">
|
|
<vulnerability>
|
|
<title>Deep-Blue 1.9.2 - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.org/files/113843/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="classipress">
|
|
<vulnerability>
|
|
<title>Classipress <= 3.1.4 - Stored XSS</title>
|
|
<references>
|
|
<exploitdb>18053</exploitdb>
|
|
<url>http://cxsecurity.com/issue/WLB-2011110001</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="merchant">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="smpl">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="drawar">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="sentient">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="whitelight">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="unsigned">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="shelflife">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="olya">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="sliding">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="beveled">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="empire-commerce">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="buro-commerce">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="briefed-commerce">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="wikeasi">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="currents">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="emporium">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="biznizz-commerce">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="kaboodle-commerce">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="inspire-commerce">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="teamster">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="argentum">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="statua-commerce">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="simplicity-commerce">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="canvas-commerce">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="wootique">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="woostore">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="coquette">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="buro">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="swatch">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="announcement">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="empire">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="supportpress">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="editorial">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="statua">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="briefed">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="faultpress">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="kaboodle">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="savinggrace">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="premiere">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="simplicity">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="deliciousmagazine">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="bookclub">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="boldnews">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="placeholder">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="biznizz">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="auld">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="listings">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="elefolio">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="chapters">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="continuum">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="diner">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="skeptical">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="caffeinated">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="crisp">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="sealight">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="estate">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="tma">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="coda">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="inspire">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="apz">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="spectrum">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="diarise">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="boast">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="retreat">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="cityguide">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="canvas">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="postcard">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="delegate">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="mystream">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="optimize">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="backstage">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="bueno">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="digitalfarm">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="headlines">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="therapy">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="rockstar">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="DailyDeal">
|
|
<vulnerability>
|
|
<title>DailyDeal - File Upload Remote Code Execution</title>
|
|
<references>
|
|
<osvdb>98924</osvdb>
|
|
<url>http://packetstormsecurity.com/files/123748/</url>
|
|
<url>http://templatic.com/app-themes/daily-deal-premium-wordpress-app-theme</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="dailyedition">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="object">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="coffeebreak">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="mainstream">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="featurepitch">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="thejournal">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="aperture">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="metamorphosis">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="bloggingstream">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="thestation">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="groovyvideo">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="irresistible">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="cushy">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="wootube">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="abstract">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="busybee">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="blogtheme">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="typebased">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="overeasy">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="snapshot">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="openair">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="freshnews">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="livewire">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="flashnews">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Flash News - thumb.php src Parameter XSS</title>
|
|
<references>
|
|
<osvdb>89887</osvdb>
|
|
<url>http://packetstormsecurity.com/files/120037/</url>
|
|
<url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
|
|
<url>http://cxsecurity.com/issue/WLB-2013020010</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Flash News - Multiple Script Path Disclosure</title>
|
|
<references>
|
|
<osvdb>89888</osvdb>
|
|
<url>http://packetstormsecurity.com/files/120037/</url>
|
|
<url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
|
|
<url>http://cxsecurity.com/issue/WLB-2013020010</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Flash News - includes/test.php a Parameter XSS</title>
|
|
<references>
|
|
<osvdb>89889</osvdb>
|
|
<url>http://packetstormsecurity.com/files/120037/</url>
|
|
<url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
|
|
<url>http://cxsecurity.com/issue/WLB-2013020010</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Flash News - includes/test.php Direct Request Information Disclosure</title>
|
|
<references>
|
|
<osvdb>89890</osvdb>
|
|
<url>http://packetstormsecurity.com/files/120037/</url>
|
|
<url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
|
|
<url>http://cxsecurity.com/issue/WLB-2013020010</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Flash News - thumb.php src Parameter File Upload Arbitrary Code Execution</title>
|
|
<references>
|
|
<osvdb>89891</osvdb>
|
|
<url>http://packetstormsecurity.com/files/120037/</url>
|
|
<url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
|
|
<url>http://cxsecurity.com/issue/WLB-2013020010</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Flash News - thumb.php src Parameter Remote DoS</title>
|
|
<references>
|
|
<osvdb>89892</osvdb>
|
|
<url>http://packetstormsecurity.com/files/120037/</url>
|
|
<url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
|
|
<url>http://cxsecurity.com/issue/WLB-2013020010</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="gazette">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="premiumnews">
|
|
<vulnerability>
|
|
<title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
|
|
<references>
|
|
<url>https://gist.github.com/2523147</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="dt-chocolate">
|
|
<vulnerability>
|
|
<title>dt-chocolate - jPlayer XSS</title>
|
|
<references>
|
|
<secunia>56379</secunia>
|
|
<url>http://packetstormsecurity.com/files/124756/</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>dt-chocolate - Image Open redirect</title>
|
|
<references>
|
|
<url>http://cxsecurity.com/issue/WLB-2013020011</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Multiple vulnerabilities in Chocolate WP theme for WordPress</title>
|
|
<references>
|
|
<url>http://seclists.org/fulldisclosure/2013/Jan/215</url>
|
|
</references>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="sandbox">
|
|
<vulnerability>
|
|
<title>sandbox - Arbitrary File Upload/FD Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20228</url>
|
|
</references>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="clockstone">
|
|
<vulnerability>
|
|
<title>Clockstone 1.2 - upload.php Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<osvdb>88622</osvdb>
|
|
<secunia>51619</secunia>
|
|
<url>http://www.exploit-db.com/exploits/23494</url>
|
|
<url>http://www.securityfocus.com/bid/56988</url>
|
|
<url>http://xforce.iss.net/xforce/xfdb/80725</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="archin">
|
|
<vulnerability>
|
|
<title>Archin - Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
|
|
<references>
|
|
<secunia>50711</secunia>
|
|
</references>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="purity">
|
|
<vulnerability>
|
|
<title>Purity - Multiple Cross-Site Scripting Vulnerabilities</title>
|
|
<references>
|
|
<secunia>50627</secunia>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="pinboard">
|
|
<vulnerability>
|
|
<title>Pinboard 1.0.6 - includes/theme-options.php tab Parameter XSS</title>
|
|
<references>
|
|
<osvdb>90070</osvdb>
|
|
<cve>2013-0286</cve>
|
|
<secunia>52079</secunia>
|
|
<url>http://seclists.org/oss-sec/2013/q1/274</url>
|
|
<url>http://cxsecurity.com/issue/WLB-2013020062</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Pinboard - themify-ajax.php File Upload Arbitrary Code Execution</title>
|
|
<references>
|
|
<osvdb>100271</osvdb>
|
|
<url>http://packetstormsecurity.com/files/124151/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="montezuma">
|
|
<vulnerability>
|
|
<title>montezuma <= 1.1.3 - XSS in ZeroClipboard.swf</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20396</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="scarlet">
|
|
<vulnerability>
|
|
<title>scarlet <= 1.1.3 - XSS in ZeroClipboard.swf</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20396</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="allure-real-estate-theme-for-placester">
|
|
<vulnerability>
|
|
<title>allure-real-estate-theme-for-placester <= 0.1.1 - XSS in ZeroClipboard.swf</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20396</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="allure-real-estate-theme-for-real-estate">
|
|
<vulnerability>
|
|
<title>allure-real-estate-theme-for-real-estate <= 0.1.1 - XSS in ZeroClipboard.swf</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20396</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="felici">
|
|
<vulnerability>
|
|
<title>felici - XSS Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/20560</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="classic">
|
|
<vulnerability>
|
|
<title>Classic 1.5 - PHP_SELF XSS</title>
|
|
<references>
|
|
<url>http://osvdb.org/38450</url>
|
|
<cve>2007-4483</cve>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="brilliant">
|
|
<vulnerability>
|
|
<title>brilliant - File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://ruinedsec.wordpress.com/2013/04/03/wordpress-themes-exploits-are-in-action-wpscan/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="colormix">
|
|
<vulnerability>
|
|
<title>Colormix - Multiple vulnerabilities</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.com/files/121372/</url>
|
|
<url>http://seclists.org/fulldisclosure/2013/Apr/172</url>
|
|
</references>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="jobroller">
|
|
<vulnerability>
|
|
<title>XSS in jobroller theme</title>
|
|
<references>
|
|
<url>http://cxsecurity.com/issue/WLB-2013060089</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="ambience">
|
|
<vulnerability>
|
|
<title>Xss In wordpress ambience theme</title>
|
|
<references>
|
|
<url>http://packetstorm.igor.onlinedirect.bg/1306-exploits/wpambience-xss.txt</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="slash-wp">
|
|
<vulnerability>
|
|
<title>Slash WP - FPD, XSS and CS vulnerabilities</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.com/files/123748/</url>
|
|
<url>http://seclists.org/fulldisclosure/2013/Jun/166</url>
|
|
</references>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="persuasion">
|
|
<vulnerability>
|
|
<title>Persuasion - PrettyPhoto DOM XSS</title>
|
|
<references>
|
|
<url>http://www.rafayhackingarticles.net/2013/05/kali-linux-dom-based-xss-writeup.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Persuasion <= 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/124547/</url>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Persuasion <= 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/124547/</url>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="More">
|
|
<vulnerability>
|
|
<title>MORE+ - PrettyPhoto XSS Vulnerability</title>
|
|
<references>
|
|
<secunia>54924</secunia>
|
|
<url>http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0177.html</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="silverorchid">
|
|
<vulnerability>
|
|
<title>silverOrchid <= 1.5.0 - XSS Vulnerability</title>
|
|
<references>
|
|
<osvdb>96723</osvdb>
|
|
<secunia>54662</secunia>
|
|
<url>http://packetstormsecurity.com/files/122986/</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="Caulk">
|
|
<vulnerability>
|
|
<title>Caulk - path disclosure vulnerability</title>
|
|
<references>
|
|
<osvdb>90889</osvdb>
|
|
<url>http://packetstormsecurity.com/files/120632/</url>
|
|
<url>http://themeforest.net/item/caulk/76108</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="WPLocalPlaces">
|
|
<vulnerability>
|
|
<title>WPLocalPlaces - File Upload Remote Code Execution</title>
|
|
<references>
|
|
<osvdb>98806</osvdb>
|
|
<url>http://packetstormsecurity.com/files/123697/</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="photocrati-theme">
|
|
<vulnerability>
|
|
<title>Photocrati 4.7.3 - photocrati-gallery/ecomm-sizes.php prod_id Parameter Reflected XSS</title>
|
|
<references>
|
|
<osvdb>102717</osvdb>
|
|
<secunia>56690</secunia>
|
|
<url>http://packetstormsecurity.com/files/124986/</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Photocrati - Multiple Script Direct Request Path Disclosure</title>
|
|
<references>
|
|
<osvdb>92836</osvdb>
|
|
<url>http://seclists.org/fulldisclosure/2013/Apr/238</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="music">
|
|
<vulnerability>
|
|
<title>Music - Multiple Script Direct Request Path Disclosure</title>
|
|
<references>
|
|
<osvdb>92837</osvdb>
|
|
<url>http://seclists.org/fulldisclosure/2013/Apr/238</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="imperial-fairytale">
|
|
<vulnerability>
|
|
<title>Imperial Fairytale - Multiple Script Direct Request Path Disclosure</title>
|
|
<references>
|
|
<osvdb>92838</osvdb>
|
|
<url>http://seclists.org/fulldisclosure/2013/Apr/238</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Imperial Fairytale - jPlayer Cross-Site Scripting Vulnerability</title>
|
|
<references>
|
|
<secunia>53210</secunia>
|
|
<url>http://seclists.org/oss-sec/2013/q2/177</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="feather12">
|
|
<vulnerability>
|
|
<title>Feather12 - Multiple Script Direct Request Path Disclosure</title>
|
|
<references>
|
|
<osvdb>92839</osvdb>
|
|
<url>http://seclists.org/fulldisclosure/2013/Apr/238</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="studiozen">
|
|
<vulnerability>
|
|
<title>Studio Zen - Multiple Script Direct Request Path Disclosure</title>
|
|
<references>
|
|
<osvdb>92840</osvdb>
|
|
<url>http://seclists.org/fulldisclosure/2013/Apr/238</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Studio Zen - jPlayer Cross-Site Scripting Vulnerability</title>
|
|
<references>
|
|
<secunia>53212</secunia>
|
|
<url> http://seclists.org/oss-sec/2013/q2/177</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="area53">
|
|
<vulnerability>
|
|
<title>AREA53 <= 1.0.5 - File Upload Code Execution</title>
|
|
<references>
|
|
<osvdb>98927</osvdb>
|
|
<exploitdb>29068</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/63306</url>
|
|
<url>http://1337day.com/exploit/21442</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="sahifa">
|
|
<vulnerability>
|
|
<title>Sahifa 2.4.0 - Multiple Script Path Disclosure Direct Request Path Disclosure</title>
|
|
<references>
|
|
<osvdb>88926</osvdb>
|
|
<url>http://packetstormsecurity.com/files/119191/</url>
|
|
<url>http://www.securityfocus.com/bid/57109</url>
|
|
</references>
|
|
<type>FPD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Sahifa 2.4.0 - Site Setting Reset CSRF</title>
|
|
<references>
|
|
<osvdb>88927</osvdb>
|
|
<url>http://packetstormsecurity.com/files/119191/</url>
|
|
<url>http://www.securityfocus.com/bid/57109</url>
|
|
</references>
|
|
<type>CSRF</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="simpledark">
|
|
<vulnerability>
|
|
<title>SimpleDark 1.2.10 - 's' Parameter Cross Site Scripting Vulnerability</title>
|
|
<references>
|
|
<url>http://www.securityfocus.com/bid/46615</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="geoplaces4">
|
|
<vulnerability>
|
|
<title>GeoPlaces - File Upload Handling Remote Command Execution</title>
|
|
<references>
|
|
<osvdb>98975</osvdb>
|
|
<url>http://packetstormsecurity.com/files/123773/</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="curvo">
|
|
<vulnerability>
|
|
<title>Curvo - wp-content/themes/curvo/functions/upload-handler.php File Upload CSRF</title>
|
|
<references>
|
|
<osvdb>99043</osvdb>
|
|
<exploitdb>29211</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123799/</url>
|
|
<url>http://packetstormsecurity.com/files/123820/</url>
|
|
</references>
|
|
<type>CSRF</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="MoneyTheme">
|
|
<vulnerability>
|
|
<title>Money - wp-content/themes/MoneyTheme/uploads/upload.php File Upload Remote Code Execution</title>
|
|
<references>
|
|
<osvdb>99187</osvdb>
|
|
<url>http://packetstormsecurity.com/files/123819/</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="saico">
|
|
<vulnerability>
|
|
<title>Saico - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29150</exploitdb>
|
|
<url>http://1337day.com/exploit/21440</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="ThisWay">
|
|
<vulnerability>
|
|
<title>ThisWay - remote shell upload vulnerability</title>
|
|
<references>
|
|
<secunia>55587</secunia>
|
|
<url>http://packetstormsecurity.com/files/123895/</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="ThinkResponsive">
|
|
<vulnerability>
|
|
<title>Think Responsive 1.0 - Arbitrary shell upload vulnerability</title>
|
|
<references>
|
|
<exploitdb>29332</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123880/</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="anthology">
|
|
<vulnerability>
|
|
<title>Anthology - Remote File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/21460</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="amoveo">
|
|
<vulnerability>
|
|
<title>Amoveo - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/21451</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="switchblade">
|
|
<vulnerability>
|
|
<title>Switchblade 1.3 - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<osvdb>88918</osvdb>
|
|
<exploitdb>29330</exploitdb>
|
|
<url>http://1337day.com/exploit/21457</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="magnitudo">
|
|
<vulnerability>
|
|
<title>Magnitudo - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/21457</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="ghost">
|
|
<vulnerability>
|
|
<title>Ghost - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/21416</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="RightNow">
|
|
<vulnerability>
|
|
<title>Right Now - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/21420</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="ColdFusion">
|
|
<vulnerability>
|
|
<title>Cold Fusion - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/21431</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="chameleon">
|
|
<vulnerability>
|
|
<title>Chameleon - Arbitrary File Upload Vulnerability</title>
|
|
<references>
|
|
<url>http://1337day.com/exploit/21449</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="kernel-theme">
|
|
<vulnerability>
|
|
<title>Kernel Theme - functions/upload-handler.php File Upload Remote Code Execution</title>
|
|
<references>
|
|
<osvdb>99553</osvdb>
|
|
<exploitdb>29482</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123954/</url>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="rockstar-theme">
|
|
<vulnerability>
|
|
<title>Rockstar - Remote File Upload Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29946</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123999/</url>
|
|
<url>http://packetstormsecurity.com/files/124232/</url>
|
|
<url>http://1337day.com/exploit/21510</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="reganto-theme">
|
|
<vulnerability>
|
|
<title>Reganto - Remote File Upload Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29946</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123999/</url>
|
|
<url>http://packetstormsecurity.com/files/124232/</url>
|
|
<url>http://1337day.com/exploit/21511</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="rayoflight-theme">
|
|
<vulnerability>
|
|
<title>Ray of Light - Remote File Upload Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29946</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123999/</url>
|
|
<url>http://packetstormsecurity.com/files/124232/</url>
|
|
<url>http://1337day.com/exploit/21512</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="radial-theme">
|
|
<vulnerability>
|
|
<title>Radial - Remote File Upload Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29946</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123999/</url>
|
|
<url>http://packetstormsecurity.com/files/124232/</url>
|
|
<url>http://1337day.com/exploit/21513</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="oxygen-theme">
|
|
<vulnerability>
|
|
<title>Oxygen - Remote File Upload Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29946</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123999/</url>
|
|
<url>http://packetstormsecurity.com/files/124232/</url>
|
|
<url>http://1337day.com/exploit/21514</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="bulteno-theme">
|
|
<vulnerability>
|
|
<title>Bulteno - Remote File Upload Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29946</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123999/</url>
|
|
<url>http://packetstormsecurity.com/files/124232/</url>
|
|
<url>http://1337day.com/exploit/21515</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="bordeaux-theme">
|
|
<vulnerability>
|
|
<title>Bordeaux - Remote File Upload Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29946</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123999/</url>
|
|
<url>http://packetstormsecurity.com/files/124232/</url>
|
|
<url>http://1337day.com/exploit/21516</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="agritourismo-theme">
|
|
<vulnerability>
|
|
<title>Agritourismo - Remote File Upload Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29946</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/124232/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="highlight">
|
|
<vulnerability>
|
|
<title>Highlight Powerful Premium - upload-handler.php File Upload CSRF</title>
|
|
<references>
|
|
<osvdb>99703</osvdb>
|
|
<exploitdb>29525</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/123974/</url>
|
|
</references>
|
|
<type>CSRF</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="euclid">
|
|
<vulnerability>
|
|
<title>Euclid - CSRF Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29667</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/124043/</url>
|
|
<url>http://1337day.com/exploit/21538</url>
|
|
</references>
|
|
<type>CSRF</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="dimension">
|
|
<vulnerability>
|
|
<title>Dimension - CSRF Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29668</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/124042/</url>
|
|
<url>http://1337day.com/exploit/21537</url>
|
|
</references>
|
|
<type>CSRF</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="amplus">
|
|
<vulnerability>
|
|
<title>Amplus - CSRF Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29669</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/124041/</url>
|
|
<url>http://1337day.com/exploit/21535</url>
|
|
</references>
|
|
<type>CSRF</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="make_a_statement">
|
|
<vulnerability>
|
|
<title>Make A Statement - CSRF Vulnerability</title>
|
|
<references>
|
|
<exploitdb>29670</exploitdb>
|
|
<url>http://packetstormsecurity.com/files/124044/</url>
|
|
<url>http://1337day.com/exploit/21536</url>
|
|
</references>
|
|
<type>CSRF</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="ithemes2">
|
|
<vulnerability>
|
|
<title>iThemes2 - themify-ajax.php File Upload Arbitrary Code Execution</title>
|
|
<references>
|
|
<osvdb>100271</osvdb>
|
|
<url>http://packetstormsecurity.com/files/124097/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="suco">
|
|
<vulnerability>
|
|
<title>Suco - themify-ajax.php File Upload Arbitrary Code Execution</title>
|
|
<references>
|
|
<osvdb>100271</osvdb>
|
|
<url>http://packetstormsecurity.com/files/124094/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="elemin">
|
|
<vulnerability>
|
|
<title>Elemin - themify-ajax.php File Upload Arbitrary Code Execution</title>
|
|
<references>
|
|
<osvdb>100271</osvdb>
|
|
<url>http://packetstormsecurity.com/files/124149/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="folo">
|
|
<vulnerability>
|
|
<title>Folo - themify-ajax.php File Upload Arbitrary Code Execution</title>
|
|
<references>
|
|
<osvdb>100271</osvdb>
|
|
<url>http://packetstormsecurity.com/files/124150/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Folo - Cross Site Scripting</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.com/files/124230/</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="Bloggie">
|
|
<vulnerability>
|
|
<title>Bloggie - themify-ajax.php File Upload Arbitrary Code Execution</title>
|
|
<references>
|
|
<osvdb>100271</osvdb>
|
|
<url>http://packetstormsecurity.com/files/124152/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="blogfolio">
|
|
<vulnerability>
|
|
<title>Blogfolio - themify-ajax.php File Upload Arbitrary Code Execution</title>
|
|
<references>
|
|
<osvdb>100271</osvdb>
|
|
<url>http://packetstormsecurity.com/files/124156/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="OptimizePress">
|
|
<vulnerability>
|
|
<title>OptimizePress - File Upload Vulnerability</title>
|
|
<references>
|
|
<osvdb>100509</osvdb>
|
|
<cve>2013-7102</cve>
|
|
<secunia>56379</secunia>
|
|
<url>http://packetstormsecurity.com/files/124246/</url>
|
|
<url>http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/</url>
|
|
<metasploit>exploit/unix/webapp/php_wordpress_optimizepress</metasploit>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="Blooog-v1.1">
|
|
<vulnerability>
|
|
<title>Blooog 1.1 - jplayer.swf Cross Site Scripting</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.com/files/124240/</url>
|
|
<url>http://xforce.iss.net/xforce/xfdb/89356</url>
|
|
<cve>2013-7129</cve>
|
|
<osvdb>92254</osvdb>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
<!-- Fake, See https://github.com/wpscanteam/wpscan/issues/383
|
|
<theme name="twentyten">
|
|
<vulnerability>
|
|
<title>TwentyTen 1.1-1.5 - loop.php Multiple File Extension Upload Arbitrary Code Execution</title>
|
|
<references>
|
|
<osvdb>88822</osvdb>
|
|
</references>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</theme>
|
|
-->
|
|
<!--- Fake vuln, see: Commit https://github.com/wpscanteam/wpscan/commit/40f96dd2bde8ed262c6d9428734624510a93fad4
|
|
<theme name="nest">
|
|
<vulnerability>
|
|
<title>Nest - gerador_galeria.php codigo Parameter SQL Injection</title>
|
|
<references>
|
|
<osvdb>88298</osvdb>
|
|
<url>http://www.securityfocus.com/bid/56792</url>
|
|
<url>http://xforce.iss.net/xforce/xfdb/80503</url>
|
|
</references>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
-->
|
|
<theme name="toolbox">
|
|
<vulnerability>
|
|
<title>Toolbox 1.4 - flyer.php mls Parameter SQL Injection</title>
|
|
<references>
|
|
<osvdb>88293</osvdb>
|
|
<url>http://www.securityfocus.com/bid/56745</url>
|
|
</references>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="oberliga_theme">
|
|
<vulnerability>
|
|
<title>Oberliga - team.php team Parameter SQL Injection</title>
|
|
<references>
|
|
<osvdb>88454</osvdb>
|
|
<url>http://packetstormsecurity.org/files/118368/</url>
|
|
<url>http://xforce.iss.net/xforce/xfdb/80273</url>
|
|
</references>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="cstardesign">
|
|
<vulnerability>
|
|
<title>CStar Design 2.0 - flashmoXML.php id Parameter SQL Injection</title>
|
|
<references>
|
|
<osvdb>88291</osvdb>
|
|
<url>http://www.securityfocus.com/bid/56694</url>
|
|
</references>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="malmonation">
|
|
<vulnerability>
|
|
<title>Malmonation - debate.php id Parameter SQL Injection</title>
|
|
<references>
|
|
<osvdb>87866</osvdb>
|
|
<url>http://packetstormsecurity.org/files/118340/</url>
|
|
<url>http://xforce.iss.net/xforce/xfdb/80252</url>
|
|
</references>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="lightspeed">
|
|
<vulnerability>
|
|
<title>LightSpeed - Valums Uploader Shell Upload Exploit</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.com/files/119241/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<!-- Tested with v1.4, other versions might be vulnerable -->
|
|
<theme name="eptonic">
|
|
<vulnerability>
|
|
<title>Eptonic - Valums Uploader Shell Upload Exploit</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.com/files/119241/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<!-- Tested with v1.0, other versions might be vulnerable -->
|
|
<theme name="nuance">
|
|
<vulnerability>
|
|
<title>Nuance - Valums Uploader Shell Upload Exploit</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.com/files/119241/</url>
|
|
</references>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="dejavu">
|
|
<vulnerability>
|
|
<title>DejaVu 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>DejaVu 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="elegance">
|
|
<vulnerability>
|
|
<title>Elegance 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Elegance 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="echelon">
|
|
<vulnerability>
|
|
<title>Echelon 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Echelon 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="modular">
|
|
<vulnerability>
|
|
<title>Modular 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Modular 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="fusion">
|
|
<vulnerability>
|
|
<title>Fusion 2.1 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.2</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Fusion 2.1 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.2</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="method">
|
|
<vulnerability>
|
|
<title>Method 2.1 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Method 2.1 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.2</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="myriad">
|
|
<vulnerability>
|
|
<title>Myriad 2.0 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Myriad 2.0 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.1</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="construct">
|
|
<vulnerability>
|
|
<title>Construct 1.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Construct 1.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>1.5</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="awake">
|
|
<vulnerability>
|
|
<title>Awake 3.3 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Awake 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>3.4</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="infocus">
|
|
<vulnerability>
|
|
<title>InFocus 3.3 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
|
|
<references>
|
|
<osvdb>101330</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>2.5</fixed_in>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>InFocus 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
|
|
<references>
|
|
<osvdb>101331</osvdb>
|
|
<exploitdb>30443</exploitdb>
|
|
<url>http://www.securityfocus.com/bid/64501</url>
|
|
</references>
|
|
<type>UNKNOWN</type>
|
|
<fixed_in>3.4</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="elegant-grunge">
|
|
<vulnerability>
|
|
<title>Elegant Grunge 1.0.3 - s Parameter XSS</title>
|
|
<references>
|
|
<osvdb>75942</osvdb>
|
|
<cve>2011-3856</cve>
|
|
<url>http://www.securityfocus.com/bid/49869</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
<fixed_in>1.0.4</fixed_in>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="simplebalance">
|
|
<vulnerability>
|
|
<title>Simple Balance <= 2.2.1 - index.php s Parameter XSS</title>
|
|
<references>
|
|
<osvdb>76722</osvdb>
|
|
<secunia>46671</secunia>
|
|
<url>http://packetstormsecurity.com/files/106341/</url>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="codilight">
|
|
<vulnerability>
|
|
<title>Codilight Premium 1.0.0 - admin/front-end/options.php reset Parameter XSS</title>
|
|
<references>
|
|
<osvdb>100791</osvdb>
|
|
</references>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
<theme name="iloveit">
|
|
<vulnerability>
|
|
<title>Love It - XSS / Content Spoofing / Path Disclosure</title>
|
|
<references>
|
|
<url>http://packetstormsecurity.com/files/122386/</url>
|
|
</references>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</theme>
|
|
|
|
</vulnerabilities>
|