RESELLER | LOGIN
← Volte para a página principal
N-Stalker Latest Updates

Joomla vulnerability and multiple updates

By N-Stalker Team on October 17, 2008

N-Stalker has made available the latest database update for its Web Application Security Assessment Products.

You will be able to download it automatically in the following versions:

  • N-Stalker Web Application Security Scanner 2006 (Enterprise, QA and Infrastructure Edition)
    • WSI Update (N-Stalker Update Manager)
  • N-Stealth HTTP Security Scanner (not updated)

You should be able to receive it automatically next time you execute the scanner.

If you prefer to download it manually, please, use the following url: https://customer.nstalker.com.

If you need any additional assistance during this process, please, contact us at:
Web: Open new support ticket at https://customer.nstalker.com
E-mail: http://www.nstalker.com/about/contact (24hs) or
Phone: +55-11-3675-7093 (9am to 18pm GMT-0300)

This release has included the following vulnerabilities:

  • Attachmax 2.1 Index.PHP SQL Injection Vulnerability [CVE-2008-4205]
  • LokiCMS 0.3.4 Admin.PHP Local File Include Vulnerability
  • MyPHPDating Success_Story.PHP SQL Injection Vulnerability
  • SezHoo 0.1 SezHooTabsAndActions.PHP Parameter Remote File Include Vulnerability
  • Webscene eCommerce Productlist.PHP SQL Injection Vulnerability
  • XOOPS xhresim Module Index.PHP SQL Injection Vulnerability
  • ParsBlogger Links.ASP SQL Injection Vulnerability
  • IndexScript 3.0 Sug_Cat.PHP SQL Injection Vulnerability
  • ASP Indir Iltaweb Alisveris Sistemi Urunler.ASP SQL Injection Vulnerability
  • My PHP Indexer 1.0 Index.PHP Directory Traversal Vulnerability
  • Real Estate Classifieds Index.PHP SQL Injection Vulnerability
  • EEB-CMS 0.95 Index.PHP Cross-Site Scripting Vulnerability
  • COM_JEUX Joomla! Component Index.PHP SQL Injection Vulnerability
  • Absolute Poll Manager 4.1 Xlacomments.ASP SQL Injection Vulnerability
  • Easynet4u Link Host Directory.PHP SQL Injection Vulnerability
  • Ignite Gallery 0.8.3 Index.PHP SQL Injection Vulnerability
  • MunzurSoft Wep Portal W3 Kategori.ASP SQL Injection Vulnerability [CVE-2008-4573]
  • Joomla! and Mambo Mad4Joomla Mailforms Component Index.PHP SQL Injection Vulnerability
  • Easynet4u Faq Host Faq.PHP SQL Injection Vulnerability
  • Easynet4u Forum Host Forum.PHP SQL Injection Vulnerability
  • Ayco Okul Portali Default.ASP SQL Injection Vulnerability [CVE-2008-4574]
  • Scriptsez Mini Hosting Panel Members.PHP Local File Include Vulnerability
  • Scriptsez Easy Image Downloader Main.PHP Local File Include Vulnerability
  • IranMC Arad Center News.PHP SQL Injection Vulnerability
  • Joomtracker 1.01 Index.PHP SQL Injection Vulnerability
  • GForge 4.6 New/Index.PHP SQL Injection Vulnerability
  • GForge 4.6 Editprofile.PHP SQL Injection Vulnerability
  • GForge 4.6 Shownotes.PHP SQL Injection Vulnerability
  • GForge 4.6 Topusers.PHP SQL Injection Vulnerability
  • GForge 4.6 News/Index.PHP SQL Injection Vulnerability
  • Pre News Manager 1.0 News_Detail.PHP SQL Injection Vulnerability
  • DFFFrameworkAPI DFF_Affiliate_Client_API.PHP Remote File Include Vulnerability
  • DFFFrameworkAPI DFF_Sku.Func.PHP Remote File Include Vulnerability
  • DFFFrameworkAPI DFF_Rss.Func.PHP Remote File Include Vulnerability
  • DFFFrameworkAPI DFF_Paging.Func.PHP Remote File Include Vulnerability
  • DFFFrameworkAPI DFF_Mer.Func.PHP Remote File Include Vulnerability
  • DFFFrameworkAPI DFF_Featured_Prdt.Func.PHP Remote File Include Vulnerability
  • Camera Life 2.6.2b4 Album.PHP SQL Injection Vulnerability
  • Camera Life 2.6.2b4 Topic.PHP Cross Site Scripting Vulnerability
  • Stash 1.0.3 News.PHP SQL Injection Vulnerability
  • Built2Go Real Estate Listings 1.5 Event_Detail.PHP SQL Injection Vulnerability [CVE-2008-4497]
  • TorrentTrader Classic Edition 1.04 Completed-Advance.PHP SQL Injection Vulnerability [CVE-2008-4494]
  • Select Development Solutions Multiple Products View_Cat.PHP SQL Injection Vulnerability
  • PHP Auto\’s 2.9.1 Searchresults.PHP SQL Injection Vulnerability
  • Built2Go Real Estate Listings 1.5 Event_Detail.PHP SQL Injection Vulnerability
  • TorrentTrader Classic Edition Completed-Advance.PHP SQL Injection Vulnerability
  • Yerba 6.3 index.PHP Local File Include Vulnerability
  • asiCMS 0.208 Association.PHP Remote File Include Vulnerability
  • PHP Web Explorer 0.99b Main.PHP Local File Include Vulnerability
  • PHP Web Explorer 0.99b Edit.PHP Local File Include Vulnerability
  • Galerie 3.2 Galerie.PHP SQL Injection Vulnerability
  • AmpJuke 0.7.5 Index.PHP SQL Injection Vulnerability
  • PHP-Fusion 6.1.5 Recept.PHP SQL Injection Vulnerability
  • PHP-Fusion 6.1.5 Race_Details.PHP SQL Injection Vulnerability
  • pPIM 1.01 Notes.PHP Local File Include Vulnerability
  • XAMPP for Windows 1.6.8 Phonebook.PHP SQL Injection Vulnerability
  • geccBBlite 2.0 Leggi.PHP SQL Injection Vulnerability
  • PHP-Fusion 6.1.5 Manuals.PHP SQL Injection Vulnerability
  • Fastpublish CMS 1.9999 Index2.PHP SQL Injection Vulnerability
  • Fastpublish CMS 1.9999 Index.PHP SQL Injection Vulnerability
  • Fastpublish CMS 1.9999 Index2.PHP Local File Include Vulnerability
  • Fastpublish CMS 1.9999 Index.PHP Local File Include Vulnerability
  • PHP-Fusion 6.1.5 Thisraidprogress.PHP SQL Injection Vulnerability
  • XAMPP for Windows 1.6.8 Cds.PHP SQL Injection Vulnerability
  • IP Reg 0.4 Login.PHP SQL Injection Vulnerability
  • Website Directory Index.PHP Cross-Site Scripting Vulnerability
  • Full PHP Emlak Script Arsaprint.PHP SQL Injection Vulnerability
  • AdaptCMS Lite 1.3 Check_User.PHP SQL Injection Vulnerability
  • OpenX 2.6.1 Ac.PHP SQL Injection Vulnerability
  • AmpJuke 0.7.5 Index.PHP SQL Injection Vulnerability
  • VeriSign Kontiki Delivery Management System 5.0 ACTION Parameter Cross Site Scripting Vulnerability [CVE-2008-4393]
  • OpenNMS 1.5.94 SurveillanceView.HTM Cross-Site Scripting Vulnerability
  • RPortal 1.1 Index.PHP Remote File Include Vulnerability
  • noName CMS 1.0 Index.PHP KATEGORIE Parameter SQL Injection Vulnerability
  • noName CMS 1.0 Index.PHP FILE_ID Parameter SQL Injection Vulnerability
  • Discussion Forums 2k 3.3 RSS1.PHP SQL Injection Vulnerability
  • Discussion Forums 2k 3.3 RSS2.PHP SQL Injection Vulnerability
  • Discussion Forums 2k 3.3 RSS5.PHP SQL Injection Vulnerability
  • BMForum 5.6 Plugins.PHP SQL Injection Vulnerability
  • Crux Gallery 1.32 Index.PHP Local File Include Vulnerability
  • Dreamcost HostAdmin 3.1.1 Index.PHP Cross-Site Scripting Vulnerability
  • Celoxis User.Do Cross-Site Scripting Vulnerability
  • ASPapp Knowledge Base Content_By_Cat.ASP SQL Injection Vulnerability
  • eZoneScripts Adult Banner Exchange Website Click.PHP SQL Injection Vulnerability
  • QuidaScript BookMarks Favourites Script View_Group.PHP SQL Injection Vulnerability
  • A4Desk Event Calendar Index.PHP Remote File Include Vulnerability
  • Rianxosencabos CMS 0.9 ID Parameter SQL Injection Vulnerability
  • eZoneScripts Link Trader Script Ratelink.PHP SQL Injection Vulnerability
  • WikyBlog 1.7.1 Index.PHP KEY Parameter Cross-Site Scripting Vulnerability
  • WikyBlog 1.7.1 Index.PHP Cross-Site Scripting Vulnerability
  • WikyBlog 1.7.1 Index.PHP USER Parameter Cross-Site Scripting Vulnerability
  • WikyBlog 1.7.1 Index.PHP TO Parameter Cross-Site Scripting Vulnerability
  • WikyBlog 1.7.1 Index.PHP REVNUM Parameter Cross-Site Scripting Vulnerability
  • H-Sphere WebShell 4.3.10 Actions.PHP FN Parameter Cross Site Scripting Vulnerability
  • H-Sphere WebShell 4.3.10 Actions.PHP TAB Parameter Cross Site Scripting Vulnerability
  • H-Sphere WebShell 4.3.10 Actions.PHP MASK Parameter Cross Site Scripting Vulnerability
  • SG Real Estate Portal 2.0 Index.PHP SQL Injection Vulnerability
  • MiNBank 1.5 Utgn_Message.PHP Remote File Include Vulnerability
  • MiNBank 1.5 Utdb_Access.PHP Remote File Include Vulnerability
  • PG Matchmaking News_Read.PHP SQL Injection Vulnerability
  • PG Matchmaking Gifts_Show.PHP SQL Injection Vulnerability
  • Events Calendar 1.1 Header_Setup.PHP PATH[DOCROOT] Parameter Remote File Include Vulnerability
  • Events Calendar 1.1 Header_Setup.PHP COMPONENT Parameter Remote File Include Vulnerability
  • Concord Consortium CoAST 0.95 Header.PHP Remote File Include Vulnerability
  • LnBlog 0.9 Showblog.PHP Local File Include Vulnerability
  • Pro Chat Rooms 3.0.3 Admin.PHP SQL Injection Vulnerability
  • Pro Chat Rooms 3.0.3 Index.PHP SQL Injection Vulnerability
  • Joomla Image Browser Component 0.1.5 Index.PHP Directory Traversal Vulnerability
  • PlugSpace 0.1 Index.PHP Local File Include Vulnerability
  • ParsaGostar ParsaWeb Default.ASPX TXTSEARCH Parameter SQL Injection Vulnerability [CVE-2008-4364]
  • ParsaGostar ParsaWeb Default.ASPX ID Parameter SQL Injection Vulnerability [CVE-2008-4364]
  • PowerPortal 2.0.13 PATH Parameter Directory Traversal Vulnerability [CVE-2008-4361]
  • VBGooglemap Hotspot Edition 1.0.3 Vbgooglemaphse.PHP SQL Injection Vulnerability
  • VBGooglemap Hotspot Edition 1.0.3 Mapa.PHP SQL Injection Vulnerability
  • Pilot Group eTraining News_Read.PHP SQL Injection Vulnerability
  • ZEEWAYS ZEELYRICS 2.0 Bannerclick.PHP SQL Injection Vulnerability
  • PHPcounter 1.3.2 Index.PHP SQL Injection Vulnerability
  • MyCard 1.0.2 Gallery.PHP SQL Injection Vulnerability
  • BitmixSoft PHP-Lance 1.52 Show.PHP SQL Injection Vulnerability
  • E-Uploader PRO 1.0 Browser.PHP SQL Injection Vulnerability
  • E-Uploader PRO 1.0 Zipit.PHP SQL Injection Vulnerability
  • E-Uploader PRO 1.0 Zip.PHP SQL Injection Vulnerability
  • E-Uploader PRO 1.0 Thumb.PHP SQL Injection Vulnerability
  • E-Uploader PRO 1.0 Mail.PHP SQL Injection Vulnerability
  • E-Uploader PRO 1.0 File.PHP SQL Injection Vulnerability
  • E-Uploader PRO 1.0 Img.PHP SQL Injection Vulnerability
  • Joovili 3.0 View.Blog.PHP SQL Injection Vulnerability
  • Joovili 3.0 View.Video.PHP SQL Injection Vulnerability
  • Joovili 3.0 View.Picture.PHP SQL Injection Vulnerability
  • Joovili 3.0 View.Music.PHP SQL Injection Vulnerability
  • Joovili 3.0 View.Group.PHP SQL Injection Vulnerability
  • Joovili 3.0 View.Event.PHP SQL Injection Vulnerability
  • Lyrics Script Search_Results.PHP Cross Site Scripting Vulnerability
  • WhoDomLite 1.1.3 Wholite.CGI Cross Site Scripting Vulnerability
  • Conkurent Real Estate Manager 1.01 CAT_ID Parameter SQL Injection Vulnerability
  • Recipe Script Search.PHP Cross Site Scripting Vulnerability
  • X7 Chat 2.0.1A1 Mini.PHP Local File Include Vulnerability
  • WordPress MU 1.3.1 Wp-Admin/Wpmu-Blogs.PHP IP_ADDRESS Parameter Cross Site Scripting Vulnerability
  • WordPress MU 1.3.1 Wp-Admin/Wpmu-Blogs.PHP S Parameter Cross Site Scripting Vulnerability
  • ArabCMS 2.0 Rss.PHP Local File Include Vulnerability
  • PHP-Fusion Freshlinks Module 1.0 Index.PHP SQL Injection Vulnerability
  • BbZL.PhP 0.92 Index.PHP Directory Traversal Vulnerability
  • The Gemini Portal 4.7 Bottom.PHP Remote File Include Vulnerability
  • The Gemini Portal 4.7 Category.PHP Remote File Include Vulnerability
  • 212cafe Board 0.07 View.PHP SQL Injection Vulnerability
  • PromoteWeb MySQL Go.PHP SQL Injection Vulnerability
  • Ultimate Webboard 3.00 Webboard.PHP SQL Injection Vulnerability
  • openEngine 2.0 Filepool.PHP Remote File Include Vulnerability
  • Barcode Generator 2.0 LSTable.PHP Remote File Include Vulnerability
  • PHP infoBoard 7.0 Showtopic.PHP SQL Injection Vulnerability
  • phpOCS 0.1 Index.PHP Local File Include Vulnerability
  • AJ Auction Pro Search.PHP SQL Injection Vulnerability
  • AJ Auction Pro Search.PHP Cross Site Scripting Vulnerability
  • Barcode Generator 2.0 Image.PHP Local File Include Vulnerability
  • RPG.Board 0.8 Index.PHP SQL Injection Vulnerability
  • Jadu CMS for Government Recruit_Details.PHP SQL Injection Vulnerability
  • MailWatch 1.0.4 Docs.PHP Local File Include Vulnerability
  • PHPcounter 1.3.2 Phpcounterdefs.PHP Local File Include Vulnerability
  • PHPcounter 1.3.2 Defs.PHP Local File Include Vulnerability
  • emergecolab 1.0 Index.PHP Local File Include Vulnerability
  • AJ Auction Pro Platinum Skin #2 Detail.PHP SQL Injection Vulnerability
  • Jetik.net ESA 2.0 Sayfalar.PHP SQL Injection Vulnerability
  • Jetik.net ESA 2.0 Diger.PHP SQL Injection Vulnerability
  • openEngine 1.7.1 Cms/System/Openengine.PHP Remote File Include Vulnerability
  • OpenNMS 1.5.93 List Cross-Site Scripting Vulnerability
  • OpenNMS 1.5.93 List.JSP Cross-Site Scripting Vulnerability
  • OpenNMS 1.5.93 J_Acegi_Security_Check Cross-Site Scripting Vulnerability
  • Atomic Photo Album 1.1.0 Album.PHP Cross Site Scripting Vulnerability
  • Atomic Photo Album 1.1.0 Album.PHP SQL Injection Vulnerability
  • FlatPress 0.804 Contact.PHP Cross-Site Scripting Vulnerability [CVE-2008-4120]
  • FlatPress 0.804 Login.PHP USER Parameter Cross-Site Scripting Vulnerability [CVE-2008-4120]
  • FlatPress 0.804 Login.PHP PASS Parameter Cross-Site Scripting Vulnerability [CVE-2008-4120]
  • Libra File Manager 1.18 Fileadmin.PHP Local File Include Vulnerability
  • Lansuite 3.3.2 Index.PHP Local File Include Vulnerability
  • EasyRealtorPRO 2008 Site_Search.PHP ITEM Parameter SQL Injection Vulnerability
  • EasyRealtorPRO 2008 Site_Search.PHP SEARCH_ORDER Parameter SQL Injection Vulnerability
  • EasyRealtorPRO 2008 Site_Search.PHP ORDERMETHOD Parameter SQL Injection Vulnerability
  • Vikingboard 0.2 Upload/Index.PHP Local File Include Vulnerability
  • BaseBuilder 2.0.1 Main.Inc.PHP Remote File Include Vulnerability
  • 6rbScript Cat.PHP SQL Injection Vulnerability
  • Ol’ Bookmarks 0.7.5 Frame.PHP Remote File Include Vulnerability
  • Ol’ Bookmarks 0.7.5 Show.PHP Local File Include Vulnerability
  • Ol’ Bookmarks 0.7.5 Frame.PHP Local File Include Vulnerability
  • Greatclone Hotscripts Clone Showcategory.PHP SQL Injection Vulnerability
  • Greatclone GC Auction Platinum Category.PHP SQL Injection Vulnerability [CVE-2008-3413]
  • E-Php Shopping Cart Script Search_Results.PHP SQL Injection Vulnerability
  • BuzzScripts BuzzyWall 1.3.1 Search.PHP SQL Injection Vulnerability
  • fuzzylime (cms) 3.0 Usercheck.PHP Cross Site Scripting Vulnerability [CVE-2008-3098]
  • openElec 3.01 Form.PHP Local File Include Vulnerability
  • xt:Commerce 3.04 Advanced_Search_Result.PHP Cross Site Scripting Vulnerability
  • WSN Links 2.23 Vote.PHP SQL Injection Vulnerability
  • MapCal 0.1 Index.PHP SQL Injection Vulnerability
  • WSN Links 4.0.34P Comments.PHP SQL Injection Vulnerability
  • 6rbScript 3.3 Section.PHP Local File Include Vulnerability
  • rgb72 WCMS News_Detail.ASP SQL Injection Vulnerability
  • MyBB 1.4.1 Attachments.PHP Unspecified Vulnerability
  • MyBB 1.4.1 Usercp.PHP Unspecified Vulnerability
  • Akira Powered Image Gallery 0.9.6.2 Function.PHP SQL Injection Vulnerability
  • InterTech WCMS Etemplate.PHP SQL Injection Vulnerability
  • JETIK-WEB Sayfa.PHP SQL Injection Vulnerability
  • Sofi WebGUI 0.6 Modstart.PHP Remote File Include Vulnerability
  • iGaming CMS 1.5 Index.PHP SQL Injection Vulnerability
  • iGaming CMS 1.5 Reviews.PHP SQL Injection Vulnerability
  • iGaming CMS 1.5 Previews.PHP SQL Injection Vulnerability
  • OpenRat 0.8-beta4 Insert.Inc.PHP Remote File Include Vulnerability
  • Omnicom Content Platform 2.0 Browser.ASP Directory Traversal Vulnerability
  • Datalife Engine CMS 7.2 Admin.PHP Cross Site Scripting Vulnerability
  • Achievo 1.3.2 Dispatch.PHP Cross Site Scripting Vulnerability
  • MyFWB 1.0 Index.PHP SQL Injection Vulnerability
  • WebCalendar 1.0.4 Send_Reminders.PHP Remote File Include Vulnerability [CVE-2008-2836]
  • Joomla! Custompages Component 1.1 Index.PHP Remote File Include Vulnerability [CVE-2008-1505]
  • Mambo Site Server 3.0.5 Administrator Password Bypass Vulnerability [CVE-2001-1011]
  • Dotproject 2.0.1 Db_Adodb.PHP Remote File Include Vulnerability [CVE-2006-0755]
  • Rgboard 3.0.12 Bbs.Lib.Inc.PHP Remote File Include Vulnerability [CVE-2008-2296]
  • PHPKB 1.5 Question.PHP SQL Injection Vulnerability
  • PHPKB 1.5 Email.PHP SQL Injection Vulnerability
  • eXtrovert software Thyme 1.3 Add_Calendars.PHP Cross Site Scripting Vulnerability
  • Akira Powered Image Gallery 0.9.6.2 Function.PHP SQL Injection Vulnerability
  • Diesel Job Site Job-Info.PHP SQL Injection Vulnerability
  • AvailScript Article Script View.PHP SQL Injection Vulnerability
  • 6rbScript 3.3 Section.PHP SQL Injection Vulnerability
  • NetArt Media Jobs Portal 1.3 Index.PHP NEWS_ID Parameter SQL Injection Vulnerability
  • NetArt Media Jobs Portal 1.3 Index.PHP JOB Parameter SQL Injection Vulnerability
  • NetArt Media Real Estate Portal 2.0 Index.PHP SQL Injection Vulnerability
  • Mevin Productions Basic PHP Events Lister 1.0 Event.PHP SQL Injection Vulnerability
  • Oceandir 2.9 Show_Vote.PHP SQL Injection Vulnerability
  • Diesel Pay Index.PHP SQL Injection Vulnerability
  • Plaincart 1.1.2 Index.PHP SQL Injection Vulnerability
  • jPortal 2.0 Humor.PHP SQL Injection Vulnerability
  • PHP Pro Bid 6.04 Categories.PHP SQL Injection Vulnerability

This entry was posted in N-Stalker Latest Updates. Bookmark the permalink.
Products
About N-Stalker
Contact

Rua Monte Alegre, 61 - cj 81
Sao Paulo, BRA, 05014-000
BRA Phone: +55-11-3868-1997
Contact us