RESELLER | LOGIN
← Volte para a página principal
N-Stalker Latest Updates

myBB, JetBox, myPHPNuke vulnerabilities and multiple updates

By N-Stalker Team on November 3, 2008

N-Stalker has made available the latest database update for its Web Application Security Assessment Products.

You will be able to download it automatically in the following versions:

  • N-Stalker Web Application Security Scanner 2006 (Enterprise, QA and Infrastructure Edition)
    • WSI Update (N-Stalker Update Manager)
  • N-Stealth HTTP Security Scanner (not updated)

You should be able to receive it automatically next time you execute the scanner.

If you prefer to download it manually, please, use the following url: https://customer.nstalker.com.

If you need any additional assistance during this process, please, contact us at:
Web: Open new support ticket at https://customer.nstalker.com
E-mail: http://www.nstalker.com/about/contact (24hs) or
Phone: +55-11-3675-7093 (9am to 18pm GMT-0300)

This release has included the following vulnerabilities:

  • e107 CMS EasyShop Plugin Easyshop.PHP SQL Injection Vulnerability [CVE-2008-4786]
  • Questwork QuestCMS Main.PHP Cross Site Scripting Vulnerability [CVE-2008-4774]
  • Questwork QuestCMS Main.PHP Directory Traversal Vulnerability [CVE-2008-4773]
  • Questwork QuestCMS Main.PHP SQL Injection Vulnerability [CVE-2008-4772]
  • MyKtools 2.4 Update.PHP Local File Include Vulnerability [CVE-2008-4781]
  • bcoos 1.013 Click.PHP SQL Injection Vulnerability
  • e107 CMS ALTERNATE_PROFILES Plugin 0.2 Newuser.PHP SQL Injection Vulnerability [CVE-2008-4785]
  • Tandis CMS 2.5 Index.PHP NID Parameter SQL Injection Vulnerability
  • Tandis CMS 2.5 Index.PHP CPAGE Parameter SQL Injection Vulnerability
  • bcoos 1.0.13 Common.PHP Remote File Include Vulnerability
  • phpMyAdmin 3.0.1 Pmd_Pdf.PHP Cross Site Scripting Vulnerability [CVE-2008-4775]
  • PozScripts Classified Ads Gotourl.PHP SQL Injection Vulnerability [CVE-2008-4755]
  • Graphiks MyForum 1.3 Centre.PHP Local File Include Vulnerability
  • Graphiks MyForum 1.3 Lecture.PHP SQL Injection Vulnerability [CVE-2008-4760]
  • SFS Ez Forum Forum.PHP SQL Injection Vulnerability [CVE-2008-4754]
  • Php-Daily 1.2 Download_File.PHP Directory Traversal Vulnerability [CVE-2008-4758]
  • Php-Daily 1.2 Prest_Detail.PHP SQL Injection Vulnerability [CVE-2008-4757]
  • Php-Daily 1.2 Mod_Prest_Date.PHP SQL Injection Vulnerability [CVE-2008-4757]
  • Php-Daily 1.2 Delete.PHP SQL Injection Vulnerability [CVE-2008-4757]
  • Php-Daily 1.2 Add_Postit.PHP SQL Injection Vulnerability [CVE-2008-4757]
  • Php-Daily 1.2 Add_Prest_Date.PHP Cross-Site Scripting Vulnerability [CVE-2008-4756]
  • KasraCMS Index.PHP SHME Parameter SQL Injection Vulnerability
  • KasraCMS Index.PHP CONT Parameter SQL Injection Vulnerability
  • KBase 1.2 Joomla! Component Index.PHP SQL Injection Vulnerability
  • MyBB 1.4.2 Moderation.PHP Cross-Site Scripting Vulnerability
  • AJ RSS Reader EditUrl.PHP SQL Injection Vulnerability [CVE-2008-4753]
  • iPei Guestbook 2.0 Index.PHP Cross-Site Scripting Vulnerability [CVE-2008-4751]
  • Kayako eSupport 3.20.2 Html-Tidy-Logic.PHP Cross Site Scripting Vulnerability [CVE-2008-4761]
  • Joomla! Archaic Binary Gallery 1.0 Index.PHP Directory Traversal Vulnerability
  • MiniPortail 2.2 Search.PHP Local File Include Vulnerability
  • MindDezign Photo Gallery 2.2 Index.PHP SQL Injection Vulnerability
  • WebSVN 2.0 Index.PHP Cross-Site Scripting Vulnerability
  • Joomla! RWCards Component 3.0.11 Captcha_Image.PHP Local File Include Vulnerability
  • ClipShare Pro 4.0 Fullscreen.PHP Cross Site Scripting Vulnerability
  • Jetbox CMS 2.1 Index.PHP Cross Site Scripting Vulnerability
  • phpcrs 2.06 Frame.PHP Local File Include Vulnerability
  • TXTshop 1.0b Header.PHP Local File Include Vulnerability
  • CS-Partner 1.0 Gestion.PHP SQL Injection Vulnerability
  • Osprey 1.0a4.1 ListRecords.PHP LIB_DIR Parameter Remote File Include Vulnerability [CVE-2006-6630]
  • Osprey 1.0a4.1 ListRecords.PHP XML_DIR Parameter Remote File Include Vulnerability
  • LoudBlog 0.6.1 Ajax.PHP SQL Injection Vulnerability
  • Joomla! ionFiles Component 4.4.2 Download.PHP Directory Traversal Vulnerability
  • Dorsa CMS ShowPage.ASPX SQL Injection Vulnerability
  • Joomla! and Mambo Daily Message Component 1.0.3 Index.PHP SQL Injection Vulnerability
  • ShopMaker 1.0 Product.PHP SQL Injection Vulnerability
  • Bahar Download Script 2.0 Aspkat.ASP SQL Injection Vulnerability [CVE-2006-6672]
  • Dizi Portali Diziler.ASP SQL Injection Vulnerability
  • phPhotoGallery 0.92 Index.PHP SQL Injection Vulnerability
  • Limbo CMS Open.PHP SQL Injection Vulnerability
  • Wysi Wiki Wyg 1.0 Index.PHP Cross Site Scripting Vulnerability
  • PHP-Nuke Sarkilar Module Modules.PHP SQL Injection Vulnerability
  • LightBlog 9.8 Login.PHP Local File Include Vulnerability
  • Vivvo Article Management 3.2 Index.PHP Remote File Include Vulnerability
  • myWebland miniBloggie 1.0 Del.PHP SQL Injection Vulnerability [CVE-2008-4628]
  • Meeting Room Booking System 1.4 Week.PHP SQL Injection Vulnerability [CVE-2008-4620]
  • Meeting Room Booking System 1.4 Day.PHP SQL Injection Vulnerability [CVE-2008-4620]
  • Meeting Room Booking System 1.4 Month.PHP SQL Injection Vulnerability [CVE-2008-4620]
  • XOOPS GesGaleri Module Index.PHP SQL Injection Vulnerability
  • Zeeproperty Bannerclick.PHP SQL Injection Vulnerability [CVE-2008-4621]
  • ShiftThis Newsletter WordPress Plugin Stnl_Iframe.PHP SQL Injection Vulnerability [CVE-2008-4625]
  • Makale XOOPS Module 0.26 Makale.PHP SQL Injection Vulnerability [CVE-2008-4653]
  • Dotproject 2.0.1 Gantt.PHP Remote File Include Vulnerability [CVE-2006-0755]
  • Dotproject 2.0.1 Date_Format.PHP Remote File Include Vulnerability [CVE-2006-0755]
  • Dotproject 2.0.1 Calendar.PHP Remote File Include Vulnerability [CVE-2006-0755]
  • Dotproject 2.0.1 Vw_Usr_Roles.PHP Remote File Include Vulnerability [CVE-2006-0755]
  • Dotproject 2.0.1 Vw_Files.PHP Remote File Include Vulnerability [CVE-2006-0755]
  • Dotproject 2.0.1 Gantt2.PHP Remote File Include Vulnerability [CVE-2006-0755]
  • Dotproject 2.0.1 Gantt.PHP Remote File Include Vulnerability [CVE-2006-0755]
  • Dotproject 2.0.1 Db_Connect.PHP Remote File Include Vulnerability [CVE-2006-0755]
  • Dotproject 2.0.1 Session.PHP Remote File Include Vulnerability [CVE-2006-0755]
  • yappa-ng 2.3.2 Index.PHP Local File Include Vulnerability [CVE-2008-4626]
  • cpCommerce 1.2.3 Search.PHP Cross Site Scripting Vulnerability [CVE-2008-4121]
  • cpCommerce 1.2.3 Sendtofriend.PHP Cross Site Scripting Vulnerability [CVE-2008-4121]
  • Jetbox CMS 2.1 Nav.PHP SQL Injection Vulnerability [CVE-2008-4651]
  • Jetbox CMS 2.1 Images.PHP SQL Injection Vulnerability [CVE-2008-4651]
  • Woltlab Burning Board rGallery Plugin 1.09 Index.PHP SQL Injection Vulnerability [CVE-2008-4627]
  • DS-Syndicate Joomla! Component Index2.PHP SQL Injection Vulnerability [CVE-2008-4623]
  • Nice Talk Joomla! Component TAGID Parameter SQL Injection Vulnerability [CVE-2007-4503]
  • Fast Click SQL Lite 1.1.7 Init.PHP Remote File Include Vulnerability [CVE-2008-4624]
  • myEvent 1.6 Viewevent.PHP SQL Injection Vulnerability [CVE-2008-4650]
  • WEB//NEWS 1.4 Search.PHP SQL Injection Vulnerability
  • SweetCMS 1.5.2 Index.PHP SQL Injection Vulnerability
  • myStats Hits.PHP SQL Injection Vulnerability [CVE-2008-4643]
  • AstroSPACES 1.1.1 Profile.PHP SQL Injection Vulnerability
  • Elxis CMS 2008.1 Index.PHP OPTION Parameter Cross Site Scripting Vulnerability [CVE-2008-4648]
  • Elxis CMS 2008.1 Index.PHP CONTACT_ID Parameter Cross Site Scripting Vulnerability [CVE-2008-4648]
  • Elxis CMS 2008.1 Index.PHP BID Parameter Cross Site Scripting Vulnerability [CVE-2008-4648]
  • Elxis CMS 2008.1 Index.PHP TASK Parameter Cross Site Scripting Vulnerability [CVE-2008-4648]
  • Elxis CMS 2008.1 Index.PHP ID Parameter Cross Site Scripting Vulnerability [CVE-2008-4648]
  • Elxis CMS 2008.1 Index.PHP ITEMID Parameter Cross Site Scripting Vulnerability [CVE-2008-4648]
  • Post Affiliate Pro 2.0 Index.PHP Local File Include Vulnerability [CVE-2008-4602]
  • CafeEngine Easy Cafe Engine 1.1 Index.PHP SQL Injection Vulnerability
  • Mic_blog 0.0.3 Category.PHP SQL Injection Vulnerability
  • CafeEngine Menu.PHP SQL Injection Vulnerability
  • CafeEngine Dish.PHP SQL Injection Vulnerability
  • Kure 0.6.3 Index.PHP POST Parameter Local File Include Vulnerability
  • Kure 0.6.3 Index.PHP DOC Parameter Local File Include Vulnerability
  • Mosaic Commerce Category.PHP SQL Injection Vulnerability
  • myPHPNuke 1.8.8_8rc2 DisplayCategory.PHP ADMINPATH Parameter Remote File Include Vulnerability
  • myPHPNuke 1.8.8_8rc2 DisplayCategory.PHP BASEPATH Parameter Remote File Include Vulnerability

This entry was posted in N-Stalker Latest Updates. Bookmark the permalink.
Products
About N-Stalker
Contact

Rua Monte Alegre, 61 - cj 81
Sao Paulo, BRA, 05014-000
BRA Phone: +55-11-3868-1997
Contact us