Apache vulnerabilities and new updates

By N-Stalker Team on May 29, 2006

N-Stalker has made available the latest database update (v175) for N-Stealth Web Security Scanner.
You should receive it automatically the next time you run the scanner.

To download it manually, use the URL:
https://secure.nstalker.com/customercenter/

If you need any additional assistance during this process, please contact us at:
E-mail: support at nstalker (24hs) or
Phone: +55-11-3675-7093 (9am to 18pm GMT-0300)

This release includes the following vulnerabilities:

– Apache 1.3.34/2.0.57/2.2.1 Unfiltered HTML Injection ‘Expect’ Header

– PHP 5.1.3 PHPInfo Large Input Cross-Site Scripting Vulnerability

– PHP 5.1.3 Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities

– MarmaraWeb E-Commerce Remote File Include Vulnerability

– MarmaraWeb E-Commerce Cross-Site Scripting Vulnerability

– Mantis 1.0RC3 View_filters_page.PHP Cross-Site Scripting Vulnerability

– Netref 3.0 Index.PHP SQL Injection Vulnerability

– WikkaWiki 1.1.6.0 TextSearch.PHP Cross-Site Scripting Vulnerability

– ASPBB 0.4 Multiple SQL Injection Vulnerabilities

– ASP-DEV XM Forum RC3 Forum.ASP Cross-Site Scripting Vulnerability

– CourseForum Technologies ProjectForum 4.7 Multiple Cross-Site Scripting Vulnerabilities

– DreamLevels Dream Poll 3.0 View_Results.PHP SQL Injection Vulnerability

– Jamit Job Board 2.4.1 Index.PHP SQL Injection Vulnerability

– PHP Web Scripts Ad Manager Pro 2.0 Advertiser_statistic.PHP SQL Injection Vulnerability

– Plogger Beta2 Index.PHP Multiple Input Validation Vulnerabilities

– PHP JackKnife 2.21 Cross-Site Scripting Vulnerability

– PHPCoin 1.2.2 Coin_CFG.PHP SQL Injection Vulnerability

– EveryAuction 1.53 Auction.PL Cross-Site Scripting Vulnerability

– Arab Portal System 2.0 beta 2 Link.PHP SQL Injection Vulnerabilities

– Website Baker 2.6 SQL Injection Vulnerability

– LocazoList Classifieds 1.03c SearchDB.ASP Input Validation Vulnerability

– Blackboard Academic Suite 6.0 Frameset.JSP Cross-Domain Frameset Loading Vulnerability

– Horde Kronolith 2.0.5 Multiple HTML Injection Vulnerabilities

– Horde Nag 2.0.3 Remote HTML Injection Vulnerabilities

– Magic Book Professional 2.0 Book.CFM Cross-Site Scripting Vulnerability

– Horde Mnemo 2.0.2 Remote HTML Injection Vulnerabilities

– Horde Turba 2.0.4 Multiple HTML Injection Vulnerabilities

– Nortel SSL VPN 4.2.1.6 Web Interface Input Validation Vulnerability

– PHPMyAdmin 2.7.0-beta1 Multiple Cross-Site Scripting Vulnerabilities

– PHPMyAdmin 2.7.0-beta1 Import_Blacklist Variable Overwrite Vulnerability

– Flatnuke 2.5.6 Index.PHP Directory Traversal Vulnerability

– Lyris Listmanager 8.8a TCLHTTPd Service Multiple Information Disclosure Vulnerabilities

– Lyris ListManager 8.8a Multiple SQL Injection Vulnerabilities

– Computer Associates CleverPath Portal 4.7 Login Page Cross-Site Scripting Vulnerability

– ACME Perl-Cal 2.99.30 Cal_make.PL Cross-Site Scripting Vulnerability

– XcPhotoAlbum 1.0 PASearch.ASP Cross-Site Scripting Vulnerability

– XcClassified 3.0 CPSearch.ASP Cross-Site Scripting Vulnerability

– Horde IMP 4.0.4 Email Attachments HTML Injection Vulnerability

– Zen Cart 1.2.6d Password_Forgotten.PHP SQL Injection Vulnerability

– Atlassian Confluence 2.0.1 build 321 Search Cross-Site Scripting Vulnerability

– Mr CGI Guy Multiple Software Search.CGI Cross-Site Scripting Vulnerability

– Quicksilver Forums 1.1.4 SQL Injection Vulnerability

– PHP-Fusion 6.0.109 Messages.PHP SQL Injection Vulnerability

N-Stealth DB General Information
Version: 175
Release Date: 05/29/2006
