RESELLER | LOGIN
← Volte para a página principal
N-Stalker Latest Updates

Jetbox CMS and PHP application vulnerabilities

By N-Stalker Team on January 21, 2008

N-Stalker has made available the latest database update for its Web Application Security Assessment Products. Following the support life-cycle, we are still distributing updates for previous version.

You will be able to download it automatically in the following versions:

  • N-Stalker Web Application Security Scanner 2006 (Enterprise, QA and Infrastructure Edition)
    • WSI Update (N-Stalker Update Manager)
  • N-Stealth HTTP Security Scanner (not updated)

You should be able to receive it automatically next time you execute the scanner.

If you prefer to download it manually, please, use the following url: https://customer.nstalker.com.

If you need any additional assistance during this process, please, contact us at:
Web: Open new support ticket at https://customer.nstalker.com
E-mail: http://www.nstalker.com/about/contact (24hs) or
Phone: +55-11-3675-7093 (9am to 18pm GMT-0300)

This release has included the following vulnerabilities:

  • GNUTurk 3G Mods.PHP Cross Site Scripting Vulnerability [CVE-2007-2879]
  • Webavis 0.1.1 Class.PHP Remote File Include Vulnerability [CVE-2007-2943]
  • FirmWorx 0.1.2 Master.Inc.PHP Remote File Include Vulnerability [CVE-2007-2891]
  • FirmWorx 0.1.2 Main.Inc.PHP Remote File Include Vulnerability [CVE-2007-2891]
  • FirmWorx 0.1.2 Master.Inc.PHP Remote File Include Vulnerability [CVE-2007-2891]
  • Dokeos 1.6.5 CourseLog.PHP SQL Injection Vulnerability [CVE-2007-2889]
  • CPCommerce 1.1 Category.PHP SQL Injection Vulnerability [CVE-2007-2890]
  • ASP-Nuke 2.0.7 News.ASP Cross Site Scripting Vulnerability [CVE-2007-2892]
  • WYYS 1.0 Index.PHP Cross Site Scripting Vulnerability [CVE-2007-2887]
  • Dokeos 1.8 My_Progress.PHP SQL Injection Vulnerability [CVE-2007-2902]
  • Dokeos 1.8 Editor.PHP Cross-Site Scripting Vulnerability [CVE-2007-2901]
  • GMTT Music Distro 1.2 ShowOwn.PHP Cross Site Scripting Vulnerability [CVE-2007-2916]
  • Scallywag Template.PHP Remote File Include Vulnerability [CVE-2007-2900]
  • Scallywag Template.PHP Remote File Include Vulnerability [CVE-2007-2900]
  • Scallywag Template.PHP Remote File Include Vulnerability [CVE-2007-2900]
  • PsychoStats 3.0.6 Weapons.PHP Cross-Site Scripting Vulnerability [CVE-2007-2914]
  • PsychoStats 3.0.6 Awards.PHP Cross-Site Scripting Vulnerability [CVE-2007-2914]
  • PsychoStats 3.0.6 Login.PHP Cross-Site Scripting Vulnerability [CVE-2007-2914]
  • PsychoStats 3.0.6 Register.PHP Cross-Site Scripting Vulnerability [CVE-2007-2914]
  • ClonusWiki 0.5 Index.PHP HTML Injection Vulnerability [CVE-2007-2913]
  • rdiffWeb 0.3.5 Directory Traversal Vulnerability [CVE-2007-2747]
  • Jetbox CMS 2.1 Login Variable Cross Site Scripting Vulnerability [CVE-2007-2686]
  • BTITracker 1.4.1 Account_Change.PHP SQL Injection Vulnerability [CVE-2007-2854]
  • Jetbox CMS 2.1 Index.PHP SQL Injection Vulnerability [CVE-2007-2685]
  • Jetbox CMS 2.1 Index.PHP SQL Injection Vulnerability [CVE-2007-2685]
  • Ol’ Bookmark 0.7.4 Index.PHP SQL Injection Vulnerability [CVE-2007-2817]
  • Mambo Com_Yanc 1.4 Add On ListID Parameter SQL Injection Vulnerability [CVE-2007-2792]
  • GNU GNATS 4.0 Gnatsweb.PL Cross-Site Scripting Vulnerability [CVE-2007-2808]
  • Vizayn Urun Tanytym Sitesi 0.2 Default.ASP SQL Injection Vulnerability [CVE-2007-2803]
  • Coppermine Photo Gallery 1.4 YABBSE.INC.PHP Remote File Include Vulnerability [CVE-2007-4283]
  • Easy Doc 1.4 File.PHP Remote File Include Vulnerability [CVE-2006-5243]
  • Easy Doc 1.4 Find.PHP Remote File Include Vulnerability [CVE-2006-5243]
  • Easy Doc 1.4 Comment.PHP Remote File Include Vulnerability [CVE-2006-5243]
  • NcasterCMS 1.7.2 Archive.PHP Remote File Include Vulnerability [CVE-2007-4320]
  • Easy Doc 1.4 Find_File.PHP Remote File Include Vulnerability [CVE-2006-5243]
  • Cyberfolio 2.0 Incl_Voir_Compet.PHP Remote File Include Vulnerability [CVE-2006-5768]
  • Cyberfolio 2.0 View.PHP Remote File Include Vulnerability [CVE-2006-5768]
  • PHPDynaSite 3.2.2 Function_Log.PHP Remote File Include Vulnerability [CVE-2006-5760]
  • PHPDynaSite 3.2.2 Function_Balise_Url.PHP Remote File Include Vulnerability [CVE-2006-5760]
  • PHPDynaSite 3.2.2 Connection.PHP Remote File Include Vulnerability [CVE-2006-5760]
  • IF-CMS Index.PHP Cross-Site Scripting Vulnerability [CVE-2006-5761]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • Mobile Multiple Cross-Site Scripting Vulnerabilities [CVE-2006-5770]
  • FrontAccounting 1.12 Config.PHP Remote File Include Vulnerability [CVE-2007-4279]
  • VietPHP Index.PHP Remote File Include Vulnerability [CVE-2007-4235]
  • VietPHP _Functions.PHP Remote File Include Vulnerability [CVE-2007-4235]
  • VietPHP Index.PHP Remote File Include Vulnerability [CVE-2007-4235]
  • CreAr.de PHPNews 0.93 Change_Action.PHP Remote File Include Vulnerability [CVE-2007-4232]
  • PhpHostBot 1.06 Login.PHP Remote File Include Vulnerability [CVE-2007-4231]
  • Cartweaver 2.17.11 Details.CFM SQL Injection Vulnerability [CVE-2006-2046]
  • Visionera AB VisionProject 3.1 EditProjectIssue.Do Cross-Site Scripting Vulnerability [CVE-2007-4265]
  • Visionera AB VisionProject 3.1 ProjectIssues.Do Cross-Site Scripting Vulnerability [CVE-2007-4265]
  • Visionera AB VisionProject 3.1 ProjectDocuments.Do Cross-Site Scripting Vulnerability [CVE-2007-4265]
  • Visionera AB VisionProject 3.1 ProjectSelected.Do Cross-Site Scripting Vulnerability [CVE-2007-4265]
  • snif 1.5.2 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-4264]
  • snif 1.5.2 Index.PHP Cross-Site Scripting Vulnerability [CVE-2007-4264]
  • Prozilla Cat Parameter SQL Injection Vulnerability [CVE-2007-4258]
  • Envolution 1.1 News Module Topic Parameter SQL Injection Vulnerability [CVE-2007-4253]
  • auraCMS 2.0 Forum Module \”Pilih\” variable SQL Injection Vulnerability [CVE-2007-4171]
  • CONTENTdm Search.PHP Cross-Site Scripting Vulnerability [CVE-2007-4245]
  • J! Reactions 1.8.1 comPath Remote File Include Vulnerability [CVE-2007-4244]
  • Next Gen Portfolio Manager Default.ASP SQL Injection Vulnerability [CVE-2007-4208]
  • LANAI CMS 1.2.14 Module.PHP SQL Injection Vulnerability [CVE-2007-4210]
  • LANAI CMS 1.2.14 Module.PHP SQL Injection Vulnerability [CVE-2007-4210]
  • LANAI CMS 1.2.14 Module.PHP SQL Injection Vulnerability [CVE-2007-4210]
  • Easy Gallery 1.4 Doc_Directory Parameter Multiple Remote File Include Vulnerabilities [CVE-2006-5241]
  • Easy Gallery 1.4 Doc_Directory Parameter Multiple Remote File Include Vulnerabilities [CVE-2006-5241]
  • Easy Gallery 1.4 Doc_Directory Parameter Multiple Remote File Include Vulnerabilities [CVE-2006-5241]
  • Easy Gallery 1.4 Doc_Directory Parameter Multiple Remote File Include Vulnerabilities [CVE-2006-5241]
  • Gallery In A Box Index.ASP SQL Injection Vulnerability [CVE-2007-4207]
  • Freenews 1.1 Moteur.PHP Remote File Include Vulnerability [CVE-2006-5226]
  • Hunkaray Okul Portali 1.1 Duyuruoku.ASP SQL Injection Vulnerability [CVE-2007-4173]
  • Joomla Tour de France Pool 1.0.1 Module mosConfig_absolute_path Remote File Include Vulnerability [CVE-2007-4186]
  • PHP Arena paBugs 2.0 Index.PHP SQL Injection Vulnerability [CVE-2007-4183]
  • WebDirector 2.2 Index.PHP Cross Site Scripting Vulnerability [CVE-2007-4178]
  • MX Smartor Album Module 1.02 Album.PHP Remote File Include Vulnerability [CVE-2006-5803]
  • OpenRat 0.8 Index.PHP Multiple Cross-Site Scripting Vulnerabilities [CVE-2007-4175]
  • Docmint Required.php Remote File Include Vulnerability [CVE-2006-5240]
  • RadScripts RadLance 7.0 Popup.PHP Local File Include Vulnerability [CVE-2006-2404]
  • WordPress 2.2.1 Upload.PHP Cross-Site Scripting Vulnerability [CVE-2007-4139]
  • SazCart 1.5 CART.PHP Remote File Include Vulnerability [CVE-2006-5727]
  • PHPQuestionnaire Ifunction.PHP Remote File Include Vulnerability [CVE-2006-4966]
  • Admanager 1.1 Script Injection Vulnerability

This entry was posted in N-Stalker Latest Updates. Bookmark the permalink.
Products
About N-Stalker
Contact

Rua Monte Alegre, 61 - cj 81
Sao Paulo, BRA, 05014-000
BRA Phone: +55-11-3868-1997
Contact us