Joomla Reset vulnerability and multiple updates

By N-Stalker Team on August 25, 2008

N-Stalker has made available the latest database update for its Web Application Security Assessment Products.

You will be able to download it automatically in the following versions:

  • N-Stalker Web Application Security Scanner 2006 (Enterprise, QA and Infrastructure Edition)
    • WSI Update (N-Stalker Update Manager)
  • N-Stealth HTTP Security Scanner (not updated)

You should be able to receive it automatically next time you execute the scanner.

If you prefer to download it manually, please use the following URL: https://customer.nstalker.com.

If you need any additional assistance during this process, please contact us at:
Web: Open new support ticket at https://customer.nstalker.com
E-mail: http://www.nstalker.com/about/contact (24hs) or
Phone: +55-11-3675-7093 (9am to 18pm GMT-0300)

This release includes the following vulnerabilities:

  • Joomla! 1.5.5 COM_USER Component Token Input Validation Vulnerability [CVE-2008-3681]
  • Web Directory Script 2.0 Listing_View.PHP SQL Injection Vulnerability
  • Five Star Review index.PHP Cross Site Scripting Vulnerability
  • Five Star Review Recommend.PHP SQL Injection Vulnerability
  • MiaCMS 4.6.5 Index.PHP TASK/ID Parameter SQL Injection Vulnerability
  • MiaCMS 4.6.5 Index.PHP OPTION/ID Parameter SQL Injection Vulnerability
  • MiaCMS 4.6.5 Index.PHP SECTIONID/ID Parameter SQL Injection Vulnerability
  • TimeTrex 2.2.12 Time and Attendance Module Login.PHP PASSWORD Parameter Cross-Site Scripting Vulnerability
  • TimeTrex 2.2.12 Time and Attendance Module Login.PHP USER_NAME Parameter Cross-Site Scripting Vulnerability
  • One-News Index.PHP SQL Injection Vulnerability
  • Accellion File Transfer FTA_7_0_135 Cross-Site Scripting Vulnerability
  • EasySite 2.3 Index.PHP MODULE Parameter Local File Include Vulnerability
  • CustomCMS CCMS Gaming 4.0 Print.PHP SQL Injection Vulnerability
  • tinyCMS 1.1.2 Templater.PHP Local File Include Vulnerability
  • FAR-PHP 1.0 Index.PHP Local File Include Vulnerability
  • Fujitsu Web-Based Admin View 2.1.2 Directory Traversal Vulnerability
  • QuidaScript FAQ Management Script Index.PHP SQL Injection Vulnerability
  • Simasy CMS Index.PHP SQL Injection Vulnerability
  • Scripts4Profit DXShopCart 4.30 Product_Detail.PHP SQL Injection Vulnerability
  • Pars4U Videosharing Categories_Portal.PHP SQL Injection Vulnerability
  • Pars4U Videosharing Members.PHP Cross Site Scripting Vulnerability
  • webEdition CMS WE_OBJECTID Parameter SQL Injection Vulnerability
  • phpBazar 2.0.2 Classified.PHP SQL Injection Vulnerability
  • YourFreeWorld Classifieds Script View.PHP SQL Injection Vulnerability
  • YourFreeWorld Forced Matrix Script Tr1.PHP SQL Injection Vulnerability
  • YourFreeWorld Programs Rating Script Details.PHP SQL Injection Vulnerability
  • Active PHP Bookmarks 1.1.2 View_Group.PHP SQL Injection Vulnerability
  • YourFreeWorld Banner Management Script Tr.PHP SQL Injection Vulnerability
  • Papoo 3.7.1 SUCHANZAHL Parameter SQL Injection Vulnerability [CVE-2008-3724]
  • SunShop Shopping Cart 4.1.4 Class.Ajax.PHP SQL Injection Vulnerability
  • Vanilla 1.1.4 People.PHP Cross-Site Scripting Vulnerability
  • Ovidentia 6.6.5 Index.PHP Cross-Site Scripting Vulnerability
  • cpCommerce 1.1.0 Category.PHP Local File Include Vulnerability [CVE-2008-1908]
  • cpCommerce 1.1.0 Index.PHP Local File Include Vulnerability [CVE-2008-1908]
  • cpCommerce 1.1.0 Display_Page.Func.PHP SQL Injection Vulnerability [CVE-2008-1907]
  • cyberBB 0.6 Show_Topic.PHP SQL Injection Vulnerability
  • cyberBB 0.6 Profile.PHP SQL Injection Vulnerability
  • Freeway 1.4.1.171 Events_Application_Top.PHP Local File Include Vulnerability
  • Freeway 1.4.1.171 Mainpage.PHP Local File Include Vulnerability
  • Freeway 1.4.1.171 Whos_Online.PHP Local File Include Vulnerability
  • Freeway 1.4.1.171 Loginbox.PHP Local File Include Vulnerability
  • Freeway 1.4.1.171 Card1.PHP Local File Include Vulnerability
  • Freeway 1.4.1.171 Newsdesk_Article_Require.PHP Local File Include Vulnerability
  • Freeway 1.4.1.171 Faqdesk_Article_Require.PHP Local File Include Vulnerability
  • Freeway 1.4.1.171 Account_Newsletters.PHP Local File Include Vulnerability
  • Freeway 1.4.1.171 Account.PHP Local File Include Vulnerability
  • AWStats 6.8 Awstats.PL Cross-Site Scripting Vulnerability
  • PHP Live Helper 2.0 Onlinestatus_Html.PHP SQL Injection Vulnerability
  • PHPBasket Product.PHP SQL Injection Vulnerability
  • XNova Project XNova 0.8 Todofleetcontrol.PHP XNOVA_ROOT_PATH Parameter Remote File Include Vulnerability
  • XNova Project XNova 0.8 Todofleetcontrol.PHP UGAMELA_ROOT_PATH Parameter Remote File Include Vulnerability
  • phpArcadeScript 4.0 Index.PHP SQL Injection Vulnerability
  • PromoProducts View_Product.PHP SUB_CAT Parameter SQL Injection Vulnerability
  • PromoProducts View_Product.PHP PRODUCT_ID Parameter SQL Injection Vulnerability
  • Quick Poll Code.PHP SQL Injection Vulnerability
  • FipsCMS 2.1 Neu.ASP SQL Injection Vulnerability
  • ZEEJOBSITE 2.0 Bannerclick.PHP SQL Injection Vulnerability
  • FlexCMS 2.5 Inc-Core-Admin-Editor-Previouscolorsjs.PHP Cross-Site Scripting Vulnerability
  • Mambo 4.6.2 Connector.PHP Cross-Site Scripting Vulnerability
  • Mambo 4.6.2 Index3pop.PHP Cross-Site Scripting Vulnerability
  • PHPizabi 0.848b Index.PHP Local File Include Vulnerability
  • mUnky 0.01 Index.PHP Remote Code Execution Vulnerability [CVE-2008-2876]
  • dotCMS 1.6 Macros_Detail.DOT Local File Include Vulnerability
  • dotCMS 1.6 Index.DOT Local File Include Vulnerability
  • Datafeed Studio 1.6.2 Search.PHP Cross-Site Scripting Vulnerability
  • Datafeed Studio Patch.PHP Remote File Include Vulnerability
  • Openfire 3.5.2 Login.JSP Cross-Site Scripting Vulnerability
  • E-Shop Shopping Cart Script Search_Results.PHP SQL Injection Vulnerability
  • Navboard Modules.PHP Cross-Site Scripting Vulnerability
  • Navboard Modules.PHP Local File Include Vulnerability
  • Navboard Admin_Modules.PHP Local File Include Vulnerability
  • PHP-Fusion 4.01 Readmore.PHP SQL Injection Vulnerability
  • PHP Realty Dpage.PHP SQL Injection Vulnerability
  • Freeway 1.4.1.171 Search_Links.PHP Cross-Site Scripting Vulnerability
  • Freeway 1.4.1.171 Create_Order_New.PHP Remote File Include Vulnerability
  • Meet#Web 0.8 Modules.PHP Remote File Include Vulnerability
  • Meet#Web 0.8 RegRightsResource.Class.PHP Remote File Include Vulnerability
  • Meet#Web 0.8 RegResource.Class.PHP Remote File Include Vulnerability
  • Meet#Web 0.8 RegForm.Class.PHP Remote File Include Vulnerability
  • Meet#Web 0.8 ManagerRightsResource.Class.PHP Remote File Include Vulnerability
  • Meet#Web 0.8 ManagerResource.Class.PHP Remote File Include Vulnerability
  • Gelato CMS 0.95 Imgsize.PHP Local File Include Vulnerability
  • IceBB 1.0 Index.PHP SQL Injection Vulnerability
  • Ovidentia 6.0.5 Index.PHP SQL Injection Vulnerability
  • Kayako SupportSuite 3.30 Index.PHP Cross-Site Scripting Vulnerability
  • Kayako SupportSuite 3.30 Index.PHP SQL Injection Vulnerability
  • Domain Group Network GooCMS 1.02 Index.PHP Cross-Site Scripting Vulnerability
  • ZeeScripts ZeeBuddy 2.1 Bannerclick.PHP SQL Injection Vulnerability
  • OpenImpro 1.1 Image.PHP SQL Injection Vulnerability
  • psipuss 1.0 Categories.PHP SQL Injection Vulnerability
  • pPIM 1.0 Upload.PHP Remote File Include Vulnerability
  • pPIM 1.0 Events.PHP Cross-Site Scripting Vulnerability
  • Vacation Rental Script 3.0 Index.PHP SQL Injection Vulnerability
  • txtSQL 2.2 Startup.PHP Remote File Include Vulnerability
  • Quicksilver Forums 1.4.1 Index.PHP SQL Injection Vulnerability
  • RMSOFT Downloads Plus 1.7 Search.PHP Cross-Site Scripting Vulnerability
  • RMSOFT Downloads Plus 1.7 Down.PHP ID Parameter Cross-Site Scripting Vulnerability
  • RMSOFT Downloads Plus 1.7 Down.PHP COM_MODE Parameter Cross-Site Scripting Vulnerability
  • Yogurt Social Network 3.2 Friends.PHP Cross-Site Scripting Vulnerability
  • Yogurt Social Network 3.2 Tribes.PHP Cross-Site Scripting Vulnerability
  • Yogurt Social Network 3.2 Index.PHP Cross-Site Scripting Vulnerability
  • Yogurt Social Network 3.2 Scrapbook.PHP Cross-Site Scripting Vulnerability
  • Yogurt Social Network 3.2 Album.PHP Cross-Site Scripting Vulnerability
  • Yogurt Social Network 3.2 Seutubo.PHP Cross-Site Scripting Vulnerability
  • RMSOFT MiniShop 1.0 Search.PHP Cross-Site Scripting Vulnerability
  • Discuz! 6.0.1 Index.PHP SQL Injection Vulnerability
  • Kshop 2.22 Kshop_Search.PHP Cross-Site Scripting Vulnerability
  • LiteNews 0.1 Index.PHP SQL Injection Vulnerability
  • Quate CMS 0.3.4 Header.PHP PAGE_HEADER Parameter Cross-Site Scripting Vulnerability
  • Quate CMS 0.3.4 Header.PHP PAGE_AREA Parameter Cross-Site Scripting Vulnerability
  • PHP-Nuke Kleinanzeigen Module Modules.PHP SQL Injection Vulnerability
  • KAPhotoservice Order.ASP Cross-Site Scripting Vulnerability
  • com_uchat component 0.2 Mambo and Joomla! Component SetupDecorator.PHP Remote File Include Vulnerability
  • com_uchat component 0.2 Mambo and Joomla! Component Gtk.PHP Remote File Include Vulnerability
  • phpKF-Portal 1.10 Baslik.PHP Local File Include Vulnerability
  • phpKF-Portal 1.10 Anket_Yonetim.PHP Local File Include Vulnerability
  • Battle.net Clan Script Index.PHP THREAD Parameter SQL Injection Vulnerability
  • Battle.net Clan Script Index.PHP SHOWMEMBER Parameter SQL Injection Vulnerability
  • Chupix CMS Contact Module 0.1 Index.PHP Local File Include Vulnerability
  • POWERGAP Shopsystem S03.PHP SQL Injection Vulnerability
  • Plogger 3.0 Plog-Download.PHP SQL Injection Vulnerability
  • Plogger 3.0 Plog-Themes.PHP SQL Injection Vulnerability
  • Softbiz Photo Gallery Admin/Images.PHP Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Browsecats.PHP Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Cleanup.PHP Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Changepassword.PHP Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Index.PHP LATEST Parameter Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Config.PHP Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Adminhome.PHP Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Admin/Index.PHP MSG Parameter Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Image_Desc.PHP MSG Parameter Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Image_Desc.PHP LATEST Parameter Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Suggest_Image.PHP LATEST Parameter Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Images.PHP MSG Parameter Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Images.PHP LATEST Parameter Cross Site Scripting Vulnerability
  • Softbiz Photo Gallery Index.PHP MSG Parameter Cross Site Scripting Vulnerability
  • IGES CMS 2.0 Links.PHP Cross-Site Scripting Vulnerability
  • IGES CMS 2.0 News_Body.PHP SQL Injection Vulnerability
  • IGES CMS 2.0 News.PHP SQL Injection Vulnerability
  • Crafty Syntax Live Help 2.14.6 Livehelp_Js.PHP Cross-Site Scripting Vulnerability
  • Pluck 4.5.2 Header.PHP PLUCK_VERSION Parameter Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Themeinstall.PHP Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Header.PHP TITELKOP Parameter Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Header2.PHP PLUCK_VERSION Parameter Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Header.PHP LANG_KOP5 Parameter Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Header.PHP LANG_KOP15 Parameter Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Header.PHP LANG_KOP4 Parameter Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Header.PHP LANG_MODULES Parameter Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Header.PHP LANG_KOP2 Parameter Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Header.PHP LANG_KOP1 Parameter Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Header.PHP LANG_INSTALL22 Parameter Cross Site Scripting Vulnerability
  • Pluck 4.5.2 Footer.PHP Cross Site Scripting Vulnerability
  • Dayfox Blog 4.6.12 Index.PHP ARCHIVE Parameter Local File Include Vulnerability
  • Dayfox Blog 4.6.12 Index.PHP CAT Parameter Local File Include Vulnerability
  • Dayfox Blog 4.6.12 Index.PHP P Parameter Local File Include Vulnerability
  • XAMPP for Linux 1.6.7 Iart.PHP Cross-Site Scripting Vulnerability
  • XAMPP for Linux 1.6.7 Ming.PHP Cross-Site Scripting Vulnerability
  • Pcshey Portal Kategori.ASP SQL Injection Vulnerability
  • UNAK-CMS 1.5.5 Connector.PHP Local File Include Vulnerability
  • MRBS 1.2.6 Help.PHP Cross-Site Scripting Vulnerability
  • MRBS 1.2.6 Report.PHP Cross-Site Scripting Vulnerability
  • MRBS 1.2.6 Search.PHP Cross-Site Scripting Vulnerability
  • MRBS 1.2.6 Month.PHP Cross-Site Scripting Vulnerability
  • MRBS 1.2.6 Week.PHP Cross-Site Scripting Vulnerability
  • MRBS 1.2.6 Day.PHP Cross-Site Scripting Vulnerability
  • Joomla! and Mambo EZ Store Component SQL Injection Vulnerability
  • MagicScripts E-Store Script Viewdetails.PHP SQL Injection Vulnerability
  • K-Link Visit.PHP SQL Injection Vulnerability
  • K-Link Index.PHP Cross Site Scripting Vulnerability
  • freeForum 1.7 Index.PHP Cross-Site Scripting Vulnerability
  • Pligg 9.9.5 Index.PHP Cross Site Scripting Vulnerability
  • Homes 4 Sale Results.PHP Cross Site Scripting Vulnerability
  • PHP-Nuke Book Catalog 1.0 Modules.PHP SQL Injection Vulnerability
  • e-Vision CMS 2.0 Print.PHP SQL Injection Vulnerability
  • e-Vision CMS 2.0 Style.PHP SQL Injection Vulnerability
  • GreenCart PHP Shopping Cart Product_Desc.PHP SQL Injection Vulnerability
  • iTGP 1.0.4 Go.PHP SQL Injection Vulnerability
  • iPost 1.0.1 Go.PHP SQL Injection Vulnerability
  • E-topbiz Online Dating Mail.PHP SQL Injection Vulnerability
  • eStoreAff 0.1 Index.PHP SQL Injection Vulnerability [CVE-2008-3484]
  • PHPAuction GPL Enhanced 2.51 Profile.PHP SQL Injection Vulnerability
  • common solutions csphonebook 1.02 Index.PHP Cross Site Scripting Vulnerability
  • phpMyRealty Index.PHP SQL Injection Vulnerability
  • LetterIt 2.0 Wysiwyg.PHP Local File Include Vulnerability
  • H0tturk Panel Gizli.PHP Remote File Include Vulnerability
  • Pligg 9.9 Vote.PHP SQL Injection Vulnerability
  • Pligg 9.9 Story.PHP SQL Injection Vulnerability
  • eNdonesia Mod.PHP SQL Injection Vulnerability
  • PozScripts TubeGuru Video Sharing Script Ugroups.PHP SQL Injection Vulnerability [CVE-2008-3419]
  • PozScripts Classified Ads Browsecats.PHP SQL Injection Vulnerability
  • Article Friendly Pro Authordetail.PHP SQL Injection Vulnerability
