RESELLER | LOGIN
← Volte para a página principal
N-Stalker Latest Updates

MS Sharepoint vulnerabilities and database fixes

By N-Stalker Team on December 17, 2007

N-Stalker has made available the latest database update for its Web Application Security Assessment Products. Following the support life-cycle, we are still distributing updates for previous version.

You will be able to download it automatically in the following versions:

  • N-Stalker Web Application Security Scanner 2006 (Enterprise, QA and Infrastructure Edition)
    • WSI Update (N-Stalker Update Manager)
  • N-Stealth HTTP Security Scanner (not updated)

You should be able to receive it automatically next time you execute the scanner.

If you prefer to download it manually, please, use the following url: https://customer.nstalker.com.

If you need any additional assistance during this process, please, contact us at:
Web: Open new support ticket at https://customer.nstalker.com
E-mail: http://www.nstalker.com/about/contact (24hs) or
Phone: +55-11-3675-7093 (9am to 18pm GMT-0300)

This release has included the following vulnerabilities:

  • Microsoft SharePoint Server 2007 Cross-Site Scripting Vulnerability [CVE-2007-2581]
  • PMECMS 1.0 Index.PHP Remote File Include Vulnerability [CVE-2007-2540]
  • PMECMS 1.0 Index.PHP Remote File Include Vulnerability [CVE-2007-2540]
  • PMECMS 1.0 Index.PHP Remote File Include Vulnerability [CVE-2007-2540]
  • PMECMS 1.0 Index.PHP Remote File Include Vulnerability [CVE-2007-2540]
  • PMECMS 1.0 Index.PHP Remote File Include Vulnerability [CVE-2007-2540]
  • Persism Content Management System 0.9.2 Headerfile.PHP Remote File Include Vulnerability [CVE-2007-2545]
  • Persism Content Management System 0.9.2 Headerfile.PHP Remote File Include Vulnerability [CVE-2007-2545]
  • Persism Content Management System 0.9.2 Headerfile.PHP Remote File Include Vulnerability [CVE-2007-2545]
  • Persism Content Management System 0.9.2 Latest_News.PHP Remote File Include Vulnerability [CVE-2007-2545]
  • Persism Content Management System 0.9.2 Headerfile.PHP Remote File Include Vulnerability [CVE-2007-2545]
  • Persism Content Management System 0.9.2 Links.PHP Remote File Include Vulnerability [CVE-2007-2545]
  • Persism Content Management System 0.9.2 Headerfile.PHP Remote File Include Vulnerability [CVE-2007-2545]
  • Persism Content Management System 0.9.2 Latest_Posts.PHP Remote File Include Vulnerability [CVE-2007-2545]
  • Persism Content Management System 0.9.2 Headerfile.PHP Remote File Include Vulnerability [CVE-2007-2545]
  • Persism Content Management System 0.9.2 Latest_Files.PHP Remote File Include Vulnerability [CVE-2007-2545]
  • Workbench Survival Guide 0.11 Header.PHP Remote File Include Vulnerability [CVE-2007-2542]
  • TurnkeyWebTools SunShop Shopping Cart 4.0 Index.PHP SQL Injection Vulnerability [CVE-2007-2549]
  • Xoops Flashgames Module 1.0.1 Game.PHP SQL Injection Vulnerability [CVE-2007-2543]
  • E-Gads! 2.2.6 Common.PHP Remote File Include Vulnerability [CVE-2007-2521]
  • Versado CMS 1.07 Ajax_Listado.PHP Remote File Include Vulnerability [CVE-2007-2541]
  • D-Link DSL-G624T Var:RelaodHref Cross-Site Scripting Vulnerability
  • PHP 4.4.6 PHPInfo Cross-Site Scripting Variant Vulnerability
  • PHPSecurityAdmin 4.0.2 Logout.PHP Remote File Include Vulnerability [CVE-2007-2628]
  • TurnkeyWebTools Sunshop 4.0 Payflow_Pro.PHP Remote File Include Vulnerability [CVE-2007-2474]
  • TurnkeyWebTools Sunshop 4.0 Libsecure.PHP Remote File Include Vulnerability [CVE-2007-2474]
  • TurnkeyWebTools Sunshop 4.0 Global.PHP Remote File Include Vulnerability [CVE-2007-2474]
  • PHP Coupon Script 3.0 Index.PHP SQL Injection Vulnerability [CVE-2007-2672]
  • Open Translation Engine 0.7.8 Header.PHP Remote File Include Vulnerability [CVE-2007-2676]
  • PHPChess 2.0 Layout_Admin_Cfg.PHP Remote File Include Vulnerability [CVE-2007-2677]
  • PHPChess 2.0 Layout_Cfg.PHP Remote File Include Vulnerability [CVE-2007-2677]
  • PHPChess 2.0 Layout_T_Top.PHP Remote File Include Vulnerability [CVE-2007-2677]
  • Pre Shopping Mall 1.0 Detail.PHP SQL Injection Vulnerability [CVE-2007-2674]
  • PostNuke v4bJournal Module 0.99 PHP SQL Injection Vulnerability [CVE-2007-2492]
  • Pre Classifieds Listings 1.0 SQL Injection Vulnerability [CVE-2007-2675]
  • 1024 CMS 0.7 Upload Manager Download.PHP Directory Traversal Vulnerability [CVE-2007-2507]
  • WordPress Plugins 1.43 Wordtube-Button.PHP Remote File Include Vulnerability [CVE-2007-2482]
  • WordPress Plugins 1.43 Wptable-Button.PHP Remote File Include Vulnerability [CVE-2007-2482]
  • TCExam 4.0.11 $_SERVER[] Cross-Site Scripting Vulnerability [CVE-2007-2431]
  • CMS Made Simple 1.05 Stylesheet.PHP SQL Injection Vulnerability [CVE-2007-2473]
  • FileRun 1.0 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-2470]
  • FileRun 1.0 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-2470]
  • FileRun 1.0 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-2470]
  • FileRun 1.0 Index.PHP SQL Injection Vulnerability [CVE-2007-2469]
  • WordPress 2.1.2 Post_ID Parameter SQL Injection Vulnerability [CVE-2007-1897]
  • WordPress Myflash Plugin 1.00 Remote File Include Vulnerability [CVE-2007-2485]
  • DVDdb 0.6 Loan.PHP Cross Site Scripting Vulnerability [CVE-2007-2499]
  • DVDdb 0.6 Listmovies.PHP Cross Site Scripting Vulnerability [CVE-2007-2499]
  • PHPChain 1.0 Settings.PHP Cross-Site Scripting Vulnerability [CVE-2007-2670]
  • PHPChain 1.0 Cat.PHP Cross-Site Scripting Vulnerability [CVE-2007-2670]
  • Motobit ASP Upload Manager 1.5 Download.ASP Directory Traversal Vulnerability [CVE-2007-2486]
  • Ariadne 2.4.1 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-2433]
  • Nukedit 4.9.7 Search.ASP Cross-Site Scripting Vulnerability [CVE-2007-2432]
  • WebEvent 4.03 Webevent.CGI Cross-Site Scripting Vulnerability
  • Joomla! Gmaps 1.00 Component Index.PHP SQL Injection Vulnerability
  • Aplomb Poll 1.1 Vote.PHP Remote File Include Vulnerability [CVE-2007-4101]
  • Aplomb Poll 1.1 Admin.PHP Remote File Include Vulnerability [CVE-2007-4101]
  • Aplomb Poll 1.1 Index.PHP Remote File Include Vulnerability [CVE-2007-4101]
  • Berthanas Ziyaretci Defteri 2.0 Yonetici.ASP SQL Injection Vulnerability [CVE-2007-4119]
  • SuskunDuygular Uyelik Sistemi 0.1 Unuttum.ASP SQL Injection Vulnerability [CVE-2007-4114]
  • SuskunDuygular Uyelik Sistemi 0.1 Unuttum.ASP SQL Injection Vulnerability [CVE-2007-4114]
  • sBLOG 0.7.3 Search.PHP Cross-Site Scripting Vulnerability [CVE-2007-4102]
  • Metyus Forum Portal 1.0 Philboard_Forum.ASP SQL Injection Vulnerability [CVE-2007-4116]
  • Bandersnatch 0.4 Index.PHP SQL Injection Vulnerability [CVE-2007-3909]
  • Bandersnatch 0.4 Index.PHP SQL Injection Vulnerability [CVE-2007-3909]
  • AutoDealer 2.0 Detail.ASP SQL Injection Vulnerability [CVE-2007-0053]
  • Prozilla Adult Directory Directory.PHP SQL Injection Vulnerability [CVE-2007-4056]
  • WolioCMS Member.PHP SQL Injection Vulnerability [CVE-2007-4156]
  • IT!CMS 0.2 Menu-Ed.PHP Cross-Site Scripting Vulnerability [CVE-2007-4115]
  • IT!CMS 0.2 Lang-En.PHP Cross-Site Scripting Vulnerability [CVE-2007-4115]
  • IT!CMS 0.2 Titletext-Ed.PHP Cross-Site Scripting Vulnerability [CVE-2007-4115]
  • PHP123 Top Sites Category.PHP SQL Injection Vulnerability [CVE-2007-4054]
  • Novell GroupWise WebAccess 6.5 User.Id Parameter Cross Site Scripting Vulnerability
  • SimpleBlog 3.0 Comments_Get.ASP SQL Injection Vulnerability [CVE-2007-4055]
  • LinPHA 1.3.1 New_images.PHP SQL Injection Vulnerability [CVE-2007-4053]
  • phpSysInfo 2.5.3 Index.php Cross-Site Scripting Vulnerability [CVE-2007-4048]
  • iFoto 1.0 Index.PHP Directory Traversal Vulnerability [CVE-2007-4092]
  • IndexScript 2.8 Show_cat.PHP SQL Injection Vulnerability [CVE-2007-4069]
  • Web Yapar 2.0 Index.PHP SQL Injection Vulnerability [CVE-2007-4068]
  • Vikingboard 0.1.2 Cp.PHP Information Disclosure Weaknesses [CVE-2007-4089]
  • Vikingboard 0.1.2 Cp.PHP Information Disclosure Weaknesses [CVE-2007-4089]
  • Vikingboard 0.1.2 Forum.PHP Information Disclosure Weaknesses [CVE-2007-4089]
  • Vikingboard 0.1.2 Cp.PHP Cross-Site Scripting Vulnerability [CVE-2007-4088]
  • Vikingboard 0.1.2 Help.PHP Cross-Site Scripting Vulnerability [CVE-2007-4088]
  • Vikingboard 0.1.2 User.PHP Cross-Site Scripting Vulnerability [CVE-2007-4088]
  • Vikingboard 0.1.2 Cp.PHP Cross-Site Scripting Vulnerability [CVE-2007-4088]
  • Vikingboard 0.1.2 Cp.PHP Cross-Site Scripting Vulnerability [CVE-2007-4088]
  • Vikingboard 0.1.2 Cp.PHP Cross-Site Scripting Vulnerability [CVE-2007-4088]
  • Nukedit 4.9.7 Login.ASP Cross-Site Scripting Vulnerability [CVE-2007-4052]
  • PhpHostBot 1.05 Authorize.PHP Remote File Include Vulnerability [CVE-2007-4094]
  • W1L3D4 Philboard 0.3 W1L3D4_Aramasonuc.ASP Cross-Site Scripting Vulnerability [CVE-2007-4024]
  • FORMfields AdMan 1.0.20051202 Login.PHP Cross-Site Scripting Vulnerability [CVE-2007-4020]
  • Novell GroupWise Mobile Server 1.0 Cross-Site Scripting Vulnerability [CVE-2007-2592]
  • FORMfield Secure 1.0.20070629 Login.PHP Multiple Cross-Site Scripting Vulnerabilities [CVE-2007-4020]
  • CPanel 10.9.1 Resname Parameter Cross-Site Scripting Vulnerability [CVE-2007-4022]
  • Article Directory Index.PHP Remote File Include Vulnerability [CVE-2007-4007]
  • Entertainment CMS Custom.PHP Local File Include Vulnerability [CVE-2007-4008]
  • Webbler CMS 3.1.3 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-4071]
  • Webbler CMS 3.1.3 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-4071]
  • Confixx 3.3.1 Saveserver.PHP Remote File Include Vulnerability [CVE-2007-4009]
  • AlstraSoft Affiliate Network Pro 8.0 Index.PHP SQL Injection Vulnerability [CVE-2007-4084]
  • AlstraSoft Affiliate Network Pro 8.0 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-4081]
  • AlstraSoft Affiliate Network Pro 8.0 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-4081]
  • AlstraSoft Affiliate Network Pro 8.0 Temp.PHP SQL Injection Vulnerability [CVE-2007-4084]
  • AlstraSoft Text Ads Enterprise 2.1 Forgot_Uid.PHP Cross-Site Scripting Vulnerability [CVE-2007-4078]
  • AlstraSoft Text Ads Enterprise 2.1 Website_Page.PHP Cross-Site Scripting Vulnerability [CVE-2007-4078]
  • AlstraSoft Text Ads Enterprise 2.1 Search_Results.PHP Cross-Site Scripting Vulnerability [CVE-2007-4078]
  • AlstraSoft Text Ads Enterprise 2.1 Search_Results.PHP Cross-Site Scripting Vulnerability [CVE-2007-4078]
  • AlstraSoft SMS Text Messaging Enterprise 2.0 Membersearch.PHP Cross-Site Scripting Vulnerability [CVE-2007-4079]
  • AlstraSoft SMS Text Messaging Enterprise 2.0 Membersearch.PHP Cross-Site Scripting Vulnerability [CVE-2007-4079]
  • AlstraSoft SMS Text Messaging Enterprise 2.0 Edituser.PHP Cross-Site Scripting Vulnerability [CVE-2007-4079]
  • Alisveris Sitesi Scripti Index.ASP SQL Injection Vulnerability [CVE-2007-4076]
  • Alisveris Sitesi Scripti Index.ASP SQL Injection Vulnerability [CVE-2007-4076]
  • Webspell 4.1.2 Index.PHP Local File Include Vulnerability [CVE-2007-4028]
  • PHMe 0.0.2 Function_List.PHP Local File Include Vulnerability
  • Image Racer 1.0 SearchResults.ASP SQL Injection Vulnerability [CVE-2007-3987]
  • ASP cvmatik 1.1 Cv.ASP HTML Injection Vulnerability [CVE-2007-3991]
  • Alisveris Sitesi Scripti Index.ASP Cross-Site Scripting Vulnerability [CVE-2007-4075]
  • Dora Emlak 1.0 Cross-Site Scripting Vulnerability [CVE-2007-3989]
  • Dora Emlak 1.0 SQL Injection Vulnerability [CVE-2007-3990]
  • iExpress Property Pro Vir_Login.ASP SQL Injection Vulnerability [CVE-2007-3992]
  • Apache Tomcat 4.1.36 SendMailServlet Cross-Site Scripting Vulnerability [CVE-2007-3383]
  • WSN Links Basic Edition CatID Parameter SQL Injection Vulnerability [CVE-2007-3981]
  • RGameScript Pro Page.PHP Remote File Include Vulnerability [CVE-2007-3980]
  • JBlog 1.0 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-3973]
  • JBlog 1.0 Recherche.PHP Cross-Site Scripting Vulnerability [CVE-2007-3973]
  • UseBB 1.0.7 Upgrade-0-2-3.PHP Cross-Site Scripting Vulnerability [CVE-2007-3963]
  • UseBB 1.0.7 Upgrade-0-4.PHP Cross-Site Scripting Vulnerability [CVE-2007-3963]
  • UseBB 1.0.7 Upgrade-0-3.PHP Cross-Site Scripting Vulnerability [CVE-2007-3963]
  • BlogSite Professional 1.0 Index.PHP SQL Injection Vulnerability [CVE-2007-3979]
  • Pictures Rating Index.PHP SQL Injection Vulnerability [CVE-2007-3881]
  • phpBB SupaNav Module 1.0 Remote File Include Vulnerability [CVE-2007-3935]
  • QuickEStore 8.2 InsertOrder.CFM SQL Injection Vulnerability [CVE-2007-3933]
  • Joomla Pony Gallery Component Index.PHP SQL Injection Vulnerability [CVE-2007-4046]
  • MD-Pro 1.081 Index.PHP TopicID SQL Injection Vulnerability [CVE-2007-3938]
  • Element CMS S Parameter Cross-Site Scripting Vulnerability [CVE-2007-3886]
  • BBS E-Market 1.4.0 P_Mode Parameter Remote File Include Vulnerability [CVE-2007-3934]
  • WordPress Theme 2.2 S Parameter Cross-Site Scripting Vulnerability [CVE-2007-4014]
  • SpoonLabs Vivvo CMS 3.4 Index.PHP SQL Injection Vulnerability [CVE-2007-3939]
  • QuickerSite 1.7.2 Default.ASP Cross-Site Scripting Vulnerability [CVE-2007-3940]
  • Expert Advisor Index.PHP SQL Injection Vulnerability [CVE-2007-3882]
  • Jasmine CMS 1.0_1Profile.PHP HTML Injection Vulnerability [CVE-2007-3941]
  • Insanely Simple Blog 0.5 SQL Injecttion Vulnerability [CVE-2007-3889]
  • Zoph 0.7 Edit_Photos.PHP SQL Injection Vulnerability [CVE-2007-3905]
  • Zoph 0.7 Photos.PHP SQL Injection Vulnerability [CVE-2007-3905]
  • husrevforum 1.0.1 Philboard_forum.ASP SQL Injection Vulnerability [CVE-2007-3884]
  • SiteTrafficStats ReferralURL.PHP SQL Injection Vulnerability [CVE-2007-3840]
  • Citadel WebCit 7.10 Cross-Site Scripting Vulnerability [CVE-2007-3822]
  • REALTOR 747 4.0 Index.PHP SQL Injection Vulnerability [CVE-2007-3810]
  • Prozilla Directory.PHP SQL Injection Vulnerability [CVE-2007-3809]
  • paFileDB 3.6 Search.PHP SQL Injection Vulnerability [CVE-2007-3808]
  • AzDG Dating Gold 3.0.5 Header.PHP Remote File Include Vulnerability [CVE-2007-3792]
  • AzDG Dating Gold 3.0.5 Secure.Admin.PHP Remote File Include Vulnerability [CVE-2007-3792]
  • AzDG Dating Gold 3.0.5 Footer.PHP Remote File Include Vulnerability [CVE-2007-3792]
  • MzK Blog Katgoster.ASP SQL Injection Vulnerability [CVE-2007-3824]
  • eSyndiCat 1.6 Link Directory News.PHP SQL Injection Vulnerability [CVE-2007-3811]
  • eSyndiCat 1.6 Link Directory Page.PHP SQL Injection Vulnerability [CVE-2007-3811]
  • CMScout 1.23 Forums.PHP SQL Injection Vulnerability [CVE-2007-3812]
  • Aigaion 1.3.3 Index.PHP SQL Injection Vulnerability [CVE-2007-3683]
  • 8e6 R3000 Internet Filter 2.0 Multiple Cross-Site Scripting Vulnerabilities [CVE-2007-2970]
  • ActiveWeb Contentserver 5.6.2929 Rights.ASP Cross-Site Scripting Vulnerability [CVE-2007-3014]
  • ActiveWeb Contentserver 5.6.2929 Transaction.ASP Cross-Site Scripting Vulnerability [CVE-2007-3014]
  • ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability [CVE-2007-3013]
  • MKPortal 1.1.1 Index.PHP SQL Injection Vulnerabilit [CVE-2007-3814]
  • Inmostore 4.0 Index.PHP SQL Injection Vulnerability [CVE-2007-3789]
  • PSNews 1.1 Show.PHP Local File Include Vulnerability [CVE-2007-3772]
  • RWAuction Pro 5.0 Search.ASP Cross-Site Scripting Vulnerability [CVE-2007-3540]
  • RWAuction Pro 5.0 Search.ASP Cross-Site Scripting Vulnerability [CVE-2007-3540]
  • RWAuction Pro 5.0 Search.ASP Cross-Site Scripting Vulnerability [CVE-2007-3540]
  • RWAuction Pro 5.0 Search.ASP Cross-Site Scripting Vulnerability [CVE-2007-3540]
  • RWAuction Pro 5.0 Search.ASP Cross-Site Scripting Vulnerability [CVE-2007-3540]
  • EnViVo!CMS Default.ASP ID Parameter SQL Injection Vulnerability [CVE-2005-1413]
  • Mikes World Mail Machine 3.989 Mailmachine.CGI Local File Include Vulnerability [CVE-2007-3702]
  • EVisit Analyst Idsp1.PL SQL Injection Vulnerability [CVE-2007-3677]
  • EVisit Analyst Einsite_Director.PL SQL Injection Vulnerability [CVE-2007-3677]
  • EVisit Analyst Ip.PL SQL Injection Vulnerability [CVE-2007-3677]
  • ImgSvr 0.6.5 Template Parameter Local File Include Vulnerability [CVE-2007-3714]
  • AlstraSoft Video Share Enterprise 4.3 SQL Injection Vulnerability [CVE-2007-2018]
  • FlashBB 1.1.7 Sendmsg.PHP Remote File Include Vulnerability [CVE-2007-3697]
  • Unobtrusive AJAX Star Rating Bar 1.1 SQL Injection Vulnerability [CVE-2007-3684]
  • Unobtrusive AJAX Star Rating Bar 1.1 Cross-Site Scripting Vulnerability [CVE-2007-3685]
  • Unobtrusive AJAX Star Rating Bar 1.1 SQL Injection Vulnerability [CVE-2007-3684]
  • Unobtrusive AJAX Star Rating Bar 1.1 SQL Injection Vulnerability [CVE-2007-3684]
  • Unobtrusive AJAX Star Rating Bar 1.1 SQL Injection Vulnerability [CVE-2007-3684]
  • Inferno Technologies VBulletin RPG Inferno 2.4 Inferno.PHP SQL Injection Vulnerability [CVE-2007-3687]
  • OpenLD 1.2.2 Index.PHP SQL Injection Vulnerability [CVE-2007-3682]
  • GameSiteScript 3.1 Index.PHP SQL Injection Vulnerability [CVE-2007-3631]
  • TorrentFlux 2.1 Dir.PHP Directory Traversal Vulnerability [CVE-2006-5609]
  • SuperCali 0.4 Index.PHP SQL Injection Vulnerability [CVE-2007-3582]
  • Girlserv Ads 1.5 Details_News.PHP SQL Injection Vulnerability [CVE-2007-3583]

This entry was posted in N-Stalker Latest Updates. Bookmark the permalink.
Products
About N-Stalker
Contact

Rua Monte Alegre, 61 - cj 81
Sao Paulo, BRA, 05014-000
BRA Phone: +55-11-3868-1997
Contact us