phpBB2 & CuteNews vulnerabilities and multiple updates
N-Stalker has made available the latest database update for its Web Application Security Assessment Products.
You will be able to download it automatically in the following versions:
- N-Stalker Web Application Security Scanner 2006 (Enterprise, QA and Infrastructure Edition)
- WSI Update (N-Stalker Update Manager)
- N-Stealth HTTP Security Scanner (not updated)
You should receive it automatically the next time you run the scanner.
If you prefer to download it manually, please use the following URL: https://customer.nstalker.com.
If you need any additional assistance during this process, please contact us at:
Web: Open new support ticket at https://customer.nstalker.com
E-mail: http://www.nstalker.com/about/contact (24 hours) or
Phone: +55-11-3675-7093 (9am to 6pm GMT-0300)
This release includes the following vulnerabilities:
- Pre ADS Portal 2.0 Adminhome.PHP Cross-Site Scripting Vulnerability
- Pre ADS Portal 2.0 Signinform.PHP Cross-Site Scripting Vulnerability
- MySQL Quick Admin 1.5.5 Actions.PHP Local File Include Vulnerability [CVE-2008-4454]
- Develop It Easy Membership System 1.3 Customer_Login.PHP SQL Injection Vulnerability
- Develop It Easy Photo Gallery 1.2 Gallery_Category.PHP SQL Injection Vulnerability
- Develop It Easy Photo Gallery 1.2 Gallery_Photo.PHP SQL Injection Vulnerability
- Develop It Easy News And Article System 1.4 Article_Details.PHP SQL Injection Vulnerability [CVE-2008-5131]
- CuteNews 1.4.6 Register.PHP Local File Include Vulnerability
- CuteNews aj-fork Register.PHP Remote File Include Vulnerability
- Five Dollar Scripts Drinks Script Index.PHP SQL Injection Vulnerability
- Joomla! Dada Mail Manager Component 2.6 Remote File Include Vulnerability
- Pre Job Board SQL Injection Vulnerability
- Pre Simple CMS Adminlogin.PHP SQL Injection Vulnerability [CVE-2008-5058]
- PHP Auto Listings Script Moreinfo.PHP SQL Injection Vulnerability
- Mole Group Taxi Dist-Calc Script Login.PHP SQL Injection Vulnerability
- Mole Group Airline Ticket Script Info.PHP SQL Injection Vulnerability
- Pre Multi-Vendor Shopping Malls Buyer_Detail.PHP CID Parameter SQL Injection Vulnerability
- Pre Multi-Vendor Shopping Malls Buyer_Detail.PHP SID Parameter SQL Injection Vulnerability
- Pre Podcast Portal Tour.PHP SQL Injection Vulnerability
- phpBB2 Small ShoutBox Module 1.4 Shoutbox_View.PHP NAME_ID Parameter SQL Injection Vulnerability
- phpBB2 Small ShoutBox Module 1.4 Shoutbox_View.PHP ID Parameter SQL Injection Vulnerability
- DHCart 3.84 Order.PHP DOMAIN Parameter Cross Site Scripting Vulnerability
- DHCart 3.84 Order.PHP D1 Parameter Cross Site Scripting Vulnerability
- Simple Document Management System 1.1.5 Login.PHP SQL Injection Vulnerability
- MicroHellas ToursManager Cityview.PHP SQL Injection Vulnerability
- Tr Script News 2.1 Admin/Login.PHP SQL Injection Vulnerability
- nicLOR CMS-School 2005 Showarticle.PHP SQL Injection Vulnerability
- nicLOR Vibro-School CMS View_News.PHP SQL Injection Vulnerability
- Way Of The Warrior 5.0 Visualizza.PHP Local File Include Vulnerability
- Way Of The Warrior 5.0 Crea.PHP Remote File Include Vulnerability
- firmCHANNEL Indoor & Outdoor Digital Signage 3.24 Cross Site Scripting Vulnerability [CVE-2008-4931]
- Vibro-CMS View_Pagina.PHP SQL Injection Vulnerability
- Vibro-CMS View_Sub-Pagina.PHP SQL Injection Vulnerability
- Vibro-CMS View_News.PHP SQL Injection Vulnerability
- Pro Desk Support Center 1.2 Index.PHP Local File Include Vulnerability
- Sitoincludefile in PHP Includefile.PHP Local File Include Vulnerability
- VirtueMart Google Base (Froogle) Component 1.1 Admin.Googlebase.PHP Remote File Include Vulnerability
- WEBBDOMAIN Post Card 1.02 Choosecard.PHP SQL Injection Vulnerability
- Joomla! Onguma Time Sheet Component 2.0 Onguma.Class.PHP Remote File Include Vulnerability
- Multi Languages WebShop Online Cross-Site Scripting Vulnerability
- Multi Languages WebShop Online SQL Injection Vulnerability
- TBmnetCMS 1.0 Index.PHP Local File Include Vulnerability
- Matpo.de Link 1.2 View.PHP Cross Site Scripting Vulnerability
- Dragan Mitic Apoll 0.7 Index.PHP SQL Injection Vulnerability
- BosClassifieds Index.PHP SQL Injection Vulnerability
- SignMe 1.5 Signme.Inc.PHP Cross Site Scripting Vulnerability
- MyGallery 1.7.2 Gallery.Inc.PHP Cross Site Scripting Vulnerability [CVE-2008-4892]
- ASP Forum 1.0 Forum.ASP SQL Injection Vulnerability
- Apartment Search Script Cross Site Scripting Vulnerability
- AJ Article 1.0 Index.PHP SQL Injection Vulnerability
- NetRisk 2.0 Index.PHP Cross Site Scripting Vulnerability [CVE-2008-4888]
- NetRisk 2.0 Index.PHP SQL Injection Vulnerability [CVE-2008-4887]
- deV!Lz Clanportal 1.4.9.6 USERS Parameter SQL Injection Vulnerability
- Maran Project Maran PHP Shop Prodshow.PHP SQL Injection Vulnerability [CVE-2008-4880]
- Tribiq CMS 5.0.10a Header.Inc.PHP Cross Site Scripting Vulnerability [CVE-2008-4893]
- Maran Project Maran PHP Shop Prod.PHP SQL Injection Vulnerability [CVE-2008-4879]
- 1st News Products.PHP SQL Injection Vulnerability [CVE-2008-4890]
- YourFreeWorld Shopping Cart Script C Parameter SQL Injection Vulnerability [CVE-2008-4886]
- YourFreeWorld Classifieds Hosting Script ID Parameter SQL Injection Vulnerability [CVE-2008-4884]
- YourFreeWorld Blog Blaster Script ID Parameter SQL Injection Vulnerability [CVE-2008-4883]
- YourFreeWorld Scrolling Text Ads Script ID Parameter SQL Injection Vulnerability [CVE-2008-4885]
- YourFreeWorld Classifieds Blaster Script ID Parameter SQL Injection Vulnerability [CVE-2008-4882]
- Bloggie Lite Cookie 0.0.2 SQL Injection Vulnerability [CVE-2008-5004]
- Joomla! Flash Tree Gallery Component 1.0 Admin.Treeg.PHP Remote File Include Vulnerability
- Scripts For Sites EZ e-store Searchresults.PHP SQL Injection Vulnerability
- Scripts For Sites EZ Auction Viewfaqs.PHP SQL Injection Vulnerability [CVE-2008-2189]
- Scripts For Sites EZ Top Sites Topsite.PHP SQL Injection Vulnerability
- Scripts For Sites EZ Career Content.PHP SQL Injection Vulnerability
- Sharedlog CMS Remote File Include Vulnerability
- EZ BIZ PRO Track.PHP SQL Injection Vulnerability
- Article Publisher Pro 1.5 Admin.PHP SQL Injection Vulnerability [CVE-2008-4901]
- EZ Adult Directory Adultdir/Directory.PHP SQL Injection Vulnerability
- EZ Gaming Directory Gaming/Directory.PHP SQL Injection Vulnerability
- Logz podcast CMS 1.3.1 Add_Url.PHP SQL Injection Vulnerability [CVE-2008-4897]
- Scripts For Sites EZ Link Directory Links.PHP SQL Injection Vulnerability
- EZ Webring Category.PHP SQL Injection Vulnerability
- Scripts For Sites EZ Hotscripts Showcategory.PHP SQL Injection Vulnerability
- Camera Life 2.6.2b8 Search.PHP Cross Site Scripting Vulnerability
- Camera Life 2.6.2b8 Iconset-Debug.PHP Cross Site Scripting Vulnerability
- Camera Life 2.6.2b8 Rss.PHP Cross Site Scripting Vulnerability
- Camera Life 2.6.2b8 Media.PHP Cross Site Scripting Vulnerability
- Camera Life 2.6.2b8 Login.PHP Cross Site Scripting Vulnerability
- Camera Life 2.6.2b8 Folder.PHP Cross Site Scripting Vulnerability
- Camera Life 2.6.2b8 Photos/Photo Cross Site Scripting Vulnerability
- Tribiq CMS 5.0.10 Header.Inc.PHP Local File Include Vulnerability [CVE-2008-4894]
- cPanel 11.21 Autoinstall4imagesgalleryupgrade.PHP CURRENTVERSION Parameter Cross-Site Scripting Vulnerability
- cPanel 11.21 Autoinstall4imagesgalleryupgrade.PHP THISAPP Parameter Cross-Site Scripting Vulnerability
- cPanel 11.21 Autoinstall4imagesgalleryupgrade.PHP THISPAGE Parameter Cross-Site Scripting Vulnerability
- cPanel 11.21 Autoinstall4imagesgalleryupgrade.PHP LOCALAPP Parameter Cross-Site Scripting Vulnerability
- cPanel 11.21 Autoinstall4imagesgalleryupgrade.PHP DOMAIN_SHOW Parameter Cross-Site Scripting Vulnerability
- cPanel 11.21 Autoinstall4imagesgalleryupgrade.PHP SCRIPTPATH_SHOW Parameter Cross-Site Scripting Vulnerability
- cPanel 11.21 Autoinstall4imagesgalleryupgrade.PHP UPDATEDIR Parameter Cross-Site Scripting Vulnerability
- cPanel 11.21 Autoinstall4imagesgalleryupgrade.PHP Local File Include Vulnerability
- Matpo.de Link 1.2b View.PHP SQL Injection Vulnerability
- Interact 2.4.1 Emailuser.PHP SQL Injection Vulnerability [CVE-2008-3867]
- SpitFire Photo Pro Pages.PHP SQL Injection Vulnerability
- phpWebSite 0.9.3 Links.PHP SQL Injection Vulnerability
- CompactCMS 1.1 Admin/Index.PHP Cross Site Scripting Vulnerability [CVE-2008-4909]
- e107 Lyrics Plugin Lyrics_Song.PHP SQL Injection Vulnerability [CVE-2008-4906]
- Harlandscripts Pro Traffic One Mypage.PHP SQL Injection Vulnerability
- Agora 1.4.2 MysqlfinderAdmin.PHP Remote File Include Vulnerability [CVE-2006-7194]
- MyPHP Forum 3.0 Member.PHP ID Parameter SQL Injection Vulnerability
- MyPHP Forum 3.0 Post.PHP PID Parameter SQL Injection Vulnerability
- MyPHP Forum 3.0 Post.PHP QUOTE Parameter SQL Injection Vulnerability
- MyPHP Forum 3.0 Member.PHP USER Parameter SQL Injection Vulnerability
- Harlandscripts Pro Traffic One Poll_Results.PHP SQL Injection Vulnerability
- WebCards 1.3 Admin.PHP Login Page SQL Injection Vulnerability [CVE-2008-4877]
- Extrakt Framework 0.7 Index.PHP Cross Site Scripting Vulnerability
- KKE Info Media Kmita Gallery Search.PHP Cross-Site Scripting Vulnerability
- KKE Info Media Kmita Gallery Index.PHP Cross-Site Scripting Vulnerability
- Elkagroup Image Gallery 1.0 View.PHP SQL Injection Vulnerability
- KKE Info Media Kmita Catalogue 2.0 Search.PHP Cross Site Scripting Vulnerability
- H&H Solutions WebSoccer 2.80 Liga.PHP SQL Injection Vulnerability
- Dorsa CMS Default_.ASPX Cross Site Scripting Vulnerability
- Venalsur Booking Centre Cadena_Ofertas_Ext.PHP SQL Injection Vulnerability
- Venalsur Booking Centre Cadena_Ofertas_Ext.PHP Cross Site Scripting Vulnerability
- Agares Media ThemeSiteScript 1.0 Frontpage_Right.PHP Remote File Include Vulnerability
- PersianBB Iranian_Music.PHP SQL Injection Vulnerability
- PHP-Nuke Nuke League Module Modules.PHP Cross-Site Scripting Vulnerability
- All In One Control Panel 1.4 Cp_Polls_Results.PHP SQL Injection Vulnerability [CVE-2008-4782]