RESELLER | LOGIN
← Volte para a página principal
N-Stalker Latest Updates

Joomla! & PHP-Fusion vulnerabilities and multiple updates

By N-Stalker Team on January 20, 2009

N-Stalker has made available the latest database update for its Web Application Security Assessment Products.

You will be able to download it automatically in the following versions:

  • N-Stalker Web Application Security Scanner 2006 (Enterprise, QA and Infrastructure Edition)
    • WSI Update (N-Stalker Update Manager)
  • N-Stealth HTTP Security Scanner (not updated)

You should be able to receive it automatically next time you execute the scanner.

If you prefer to download it manually, please, use the following url: https://customer.nstalker.com.

If you need any additional assistance during this process, please, contact us at:
Web: Open new support ticket at https://customer.nstalker.com
E-mail: http://www.nstalker.com/about/contact (24hs) or
Phone: +55-11-3675-7093 (9am to 18pm GMT-0300)

This release has included the following vulnerabilities:

  • Joomla! COM_JASHOWCASE Component Index.PHP SQL Injection Vulnerability
  • Joomla! COM_NEWSFLASH Component Index.PHP SQL Injection Vulnerability
  • SocialEngine 3.10 Browse_Classifieds.PHP SQL Injection Vulnerability
  • Ovidentia 6.7.5 Index.PHP PAT Parameter Cross-Site Scripting Vulnerability
  • Ovidentia 6.7.5 Index.PHP SMAP_NODE_ID Parameter Cross-Site Scripting Vulnerability
  • REALTOR 747 4.11 Define.PHP Remote File Include Vulnerability
  • Joomla! Portfol Component 1.2 Index.PHP SQL Injection Vulnerability
  • Visuplay CMS News_Article.PHP SQL Injection Vulnerability
  • Photobase 1.2 Header.PHP Local File Include Vulnerability
  • Joomla! com_xevidmegahd Component Index.PHP SQL Injection Vulnerability
  • tadbook2 Module for XOOPS Open_Book.PHP SQL Injection Vulnerability
  • DeZine DZcms 3.1 Products.PHP SQL Injection Vulnerability
  • phpMDJ 1.0.3 Animateurs.PHP SQL Injection Vulnerability
  • PizzisCMS 1.5.1 Visualizza.PHP SQL Injection Vulnerability
  • PHP-Fusion VArcade Module 1.8 Callcomments.PHP SQL Injection Vulnerability
  • Openfire 3.6.2 Audit-Policy.JSP Cross-Site Scripting Vulnerability
  • Openfire 3.6.2 User-Properties.JSP Cross-Site Scripting Vulnerability
  • Openfire 3.6.2 Log.JSP Directory Traversal Vulnerability
  • Openfire 3.6.2 Log.JSP Cross-Site Scripting Vulnerability
  • Openfire 3.6.2 Group-Summary.JSP Cross-Site Scripting Vulnerability
  • Openfire 3.6.2 Logviewer.JSP Cross-Site Scripting Vulnerability
  • Members CV (job) Module for PHP-Fusion 1.0 Members.PHP SQL Injection Vulnerability
  • PHP-Fusion E-Cart Module 1.3 Items.PHP SQL Injection Vulnerability
  • IT!CMS Login.PHP SQL Injection Vulnerability
  • playSMS 0.9.3 Init.PHP APPS_PATH[PLUG] Parameter Remote File Include Vulnerability [CVE-2009-0103]
  • playSMS 0.9.3 Init.PHP THEMES_MODULE Parameter Local File Include Vulnerability [CVE-2008-5881]
  • playSMS 0.9.3 Init.PHP GATEWAY_MODULE Parameter Local File Include Vulnerability [CVE-2008-5881]
  • playSMS 0.9.3 Function.PHP Remote File Include Vulnerability [CVE-2009-0103]
  • playSMS 0.9.3 Init.PHP APPS_PATH[THEMES] Parameter Remote File Include Vulnerability [CVE-2009-0103]
  • Goople CMS 1.8.2 Frontpage.PHP SQL Injection Vulnerability [CVE-2009-0111]
  • ezPack 4.2 Index.PHP Cross Site Scripting Vulnerability [CVE-2009-0105]
  • ezPack 4.2 Index.PHP SQL Injection Vulnerability [CVE-2009-0104]
  • PHPAuctions Settings.Inc.PHP Remote File Include Vulnerability
  • PHPAuctions Search.PHP Remote File Include Vulnerability
  • PHPAuctions Browse.PHP Remote File Include Vulnerability
  • PHPAuctions User_Confirmation.Inc.PHP Remote File Include Vulnerability
  • PHPAuctions Useragent.Inc.PHP Remote File Include Vulnerability
  • PHPAuctions Stats.Inc.PHP Remote File Include Vulnerability
  • PHPAuctions Messages.Inc.PHP Remote File Include Vulnerability
  • PHPAuctions Converter.Inc.PHP Remote File Include Vulnerability
  • PHPAuctions Auction_Confirmation.Inc.PHP Remote File Include Vulnerability
  • RiotPix 0.61 Index.PHP SQL Injection Vulnerability [CVE-2009-0109]
  • RiotPix 0.61 Read.PHP SQL Injection Vulnerability [CVE-2009-0110]
  • PHPAuctions Profile.PHP SQL Injection Vulnerability [CVE-2009-0106]
  • PHPAuctions Profile.PHP SQL Injection Vulnerability [CVE-2009-0107]
  • SolucionXpressPro Main.PHP SQL Injection Vulnerability
  • webSPELL 4.1.2 Index.PHP SQL Injection Vulnerability
  • CFAGCMS 1.0 Right.PHP SQL Injection Vulnerability [CVE-2008-5781]
  • eDare eDNews 2.0 EDNews_View.PHP SQL Injection Vulnerability [CVE-2008-5820]
  • plxWebDev plx Autoreminder 3.7 Members.PHP SQL Injection Vulnerability
  • PhpMesFilms 1.0 Index.PHP SQL Injection Vulnerability
  • Lito Lite Content.PHP SQL InjectionVulnerability
  • PNphpBB2 1.2.0 Admin_Users.PHP Local File Include Vulnerability
  • PNphpBB2 1.2.0 Admin_Styles.PHP Local File Include Vulnerability
  • PNphpBB2 1.2.0 Admin_Ranks.PHP Local File Include Vulnerability
  • PNphpBB2 1.2.0 Admin_Smilies.PHP Local File Include Vulnerability
  • PNphpBB2 1.2.0 Admin_Groups_Reapir.PHP Local File Include Vulnerability
  • PNphpBB2 1.2.0 Admin_Words.PHP Local File Include Vulnerability
  • Cybershade CMS 0.2b Index.PHP Remote File Include Vulnerability
  • WSN Guest 1.23 Search.PHP SQL Injection Vulnerability
  • Joomla! com_na_newsdescription Component Index.PHP SQL Injection Vulnerability
  • Joomla! Phoca Documentation Component Index.PHP SQL Injection Vulnerability
  • Joomla! and Mambo Simple Review Component 1.3.5 Index.PHP SQL Injection Vulnerability
  • ASPThai.Net Webboard 6.0 Bview.ASP SQL Injection Vulnerability
  • PowerClan 1.14a Admin Login SQL Injection Vulnerability
  • w3blabor CMS 3.3 Index.PHP SQL Injection Vulnerability
  • PowerNews 2.5.4 News.PHP SQL Injection Vulnerability
  • 2Capsule Sticker Sticker.PHP SQL Injection Vulnerability
  • Pixel8 Web Photo Album 3.0 Photo.ASP SQL Injection Vulnerability
  • Mole Group Vacation Script Properties_View.PHP SQL Injection Vulnerability
  • CMScout 2.06 Index.PHP SQL Injection Vulnerability
  • CMScout 2.06 Index.PHP Local File Include Vulnerability
  • CMScout 2.06 Admin.PHP Local File Include Vulnerability
  • phpAlumni Acomment.PHP SQL Injection Vulnerability [CVE-2008-5815]
  • SepCity Shopping Mall Shpdetails.ASP SQL Injection Vulnerability
  • SepCity Classified Ads Classdis.ASP SQL Injection Vulnerability
  • AIST NetCat 3.12 POLLID Parameter SQL Injection Vulnerability
  • Madrese-Portal Haber.ASP SQL Injection Vulnerability
  • Mavi Emlak NewDetail.ASP SQL Injection Vulnerability
  • SepCity Lawyer Portal Deptdisplay.ASP SQL Injection Vulnerability
  • myPHPscripts Login Session 2.0 Login.PHP Cross Site Scripting Vulnerability [CVE-2008-5854]
  • mDigg Component for Joomla! 2.2.8 Index.PHP SQL Injection Vulnerability
  • phpMyAdmin 4.1.1 Tbl_Structure.PHP SQL Injection Vulnerability [CVE-2008-5622]
  • Text Lines Rearrange Script Download.PHP Information Disclosure Vulnerability
  • phpg 1.6 Index.PHP Cross-Site Scripting Vulnerability
  • phpg 1.6 Main-Display-File.PHP Cross-Site Scripting Vulnerability
  • SolarCMS 0.53.3 Index.PHP SQL Injection Vulnerability
  • Extract Website Download.PHP Local File Include Vulnerability
  • webcamXP 5.3.2.375 URL Directory Traversal Vulnerability
  • Online Keyword Research Tool Download.PHP Local File Include Vulnerability
  • 2532designs 2532|Gigs 1.2.2 Mini_Calendar.PHP Local File Include Vulnerability
  • 2532designs 2532|Gigs 1.2.2 Deleteuser.PHP Local File Include Vulnerability
  • 2532designs 2532|Gigs 1.2.2 Settings.PHP Local File Include Vulnerability
  • 2532designs 2532|Gigs 1.2.2 Manage_Gigs.PHP Local File Include Vulnerability
  • Tech Articles Joomla! Component 1.0 Index.PHP SQL Injection Vulnerability
  • Joomla! Pax Gallery 0.1 Index.PHP SQL Injection Vulnerability [CVE-2008-5811]
  • AlstraSoft Web Email Script Enterprise Index.PHP SQL Injection Vulnerability [CVE-2008-5751]
  • Web Scribble Solutions webClassifieds Index.PHP SQL Injection Vulnerability [CVE-2008-5817]
  • eDreamers eDNews 2.0 EDNews_Archive.PHP Local File Include Vulnerability [CVE-2008-5819]
  • eDreamers eDContainer 2.22 Index.PHP Local File Include Vulnerability [CVE-2008-5818]
  • Joomla HBS com_5starhotels Index.PHP SQL Injection Vulnerability
  • Joomla HBS com_allhotels Index.PHP SQL Injection Vulnerability
  • Joomla HBS com_lowcosthotels Index.PHP SQL Injection Vulnerability
  • Joomla HBS com_tophotelmodule 1.0 Index.PHP SQL Injection Vulnerability
  • PHP-Fusion TI Blog System Module 1.11 Blog.PHP SQL Injection Vulnerability [CVE-2008-5733]
  • bloofoxCMS 0.3.4 Dialog.PHP Local File Include Vulnerability [CVE-2008-5748]
  • Joomla! LiveTicker 1.0 Index.PHP SQL Injection Vulnerability
  • Joomla! Ice Gallery Component 0.5 Index.PHP SQL Injection Vulnerability
  • ILIAS 3.7.4 Repository.PHP SQL Injection Vulnerability [CVE-2008-5816]
  • W2B phpGreetCards 3.7 Index.PHP Cross Site Scripting Vulnerability
  • stormBoards 1.0.1 Thread.PHP SQL Injection Vulnerability [CVE-2008-5726]
  • AIST NetCat 3.12 Password_Recovery.PHP SQL Injection Vulnerability [CVE-2008-5727]
  • Joomla HBS COM_HBSSEARCH 1.0 Joomla! Component Index.PHP SQL Injection Vulnerability
  • Constructr CMS 3.2.5 Index.PHP SQL Injection Vulnerability
  • MySQL Calendar 1.2 Index.PHP SQL Injection Vulnerability [CVE-2008-5737]
  • SolarCMS 0.53.3 Index.PHP SQL Injection Vulnerability
  • Joomla Apps Volunteer Management Component 2.0 Index.PHP SQL Injection Vulnerability
  • Pligg 9.9.5 Check_Url.PHP SQL Injection Vulnerability [CVE-2008-5739]
  • RSS Simple News News.PHP SQL Injection Vulnerability
  • Userlocator 3.0 Locator.PHP SQL Injection Vulnerability [CVE-2008-5863]
  • TinyMCE 2.0.1 Index.PHP SQL Injection Vulnerability
  • ASP Indir EvimGibi Pro Resim Galerisi 1.0 Resim.ASP SQL Injection Vulnerability
  • MyPBS 1.0 Index.PHP SQL Injection Vulnerability
  • Umer Inc Songs Portal Albums.PHP SQL Injection Vulnerability
  • phpcksec 0.2 Phpcksec.PHP Cross Site Scripting Vulnerability
  • Lizardware CMS 0.6 Index.PHP SQL Injection Vulnerability
  • Gnews Publisher Authors.ASP SQL Injection Vulnerability [CVE-2008-5767]
  • Liberum Help Desk Forgotpass.ASP SQL Injection Vulnerability [CVE-2006-6161]
  • Faupload Download.PHP SQL Injection Vulnerability [CVE-2008-5766]
  • WorkSimple 1.2.1 Calendar.PHP Remote File Include Vulnerability [CVE-2008-5764]
  • WorkSimple 1.2.1 Usr.TXT Information Disclosure Vulnerability [CVE-2008-5765]
  • Aperto Blog 0.1.1 Index.PHP Local File Include Vulnerability [CVE-2008-5776]
  • Aperto Blog 0.1.1 Admin.PHP Local File Include Vulnerability [CVE-2008-5776]
  • Free Links Directory Script 1.2 Report.PHP SQL Injection Vulnerability [CVE-2008-5778]
  • Mediatheka 4.2 Connection.PHP SQL Injection Vulnerability
  • Free Links Directory Script 1.2 Lpro.PHP SQL Injection Vulnerability
  • CadeNix Index.PHP SQL Injection Vulnerability
  • Aperto Blog 0.1.1 Categories.PHP SQL Injection Vulnerability
  • World Recipe 2.11 Emailrecipe.ASPX Cross-Site Scripting Vulnerability
  • World Recipe 2.11 Recipedetail.ASPX Cross-Site Scripting Vulnerability
  • World Recipe 2.11 Validatefieldlength.ASPX Cross-Site Scripting Vulnerability
  • CFAGCMS 1.0 Print.PHP SQL Injection Vulnerability
  • AM Events Module 0.22 for XOOPS Print.PHP SQL Injection Vulnerability
  • CFAGCMS 1.0 Index.PHP RIGHT Parameter Remote File Include Vulnerability
  • CFAGCMS 1.0 Index.PHP MAIN Parameter Remote File Include Vulnerability
  • Constructr CMS 3.2.5 Template.PHP Directory Traversal Vulnerability [CVE-2008-5860]
  • AutositePHP 2.0.3 Index.PHP Local File Include Vulnerability
  • AutositePHP 2.0.3 Login.PHP Local File Include Vulnerability
  • AutositePHP 2.0.3 Modify.PHP Local File Include Vulnerability
  • PostEcards Sendcard.CFM Database Disclosure Vulnerability [CVE-2008-5560]

This entry was posted in N-Stalker Latest Updates. Bookmark the permalink.
Products
About N-Stalker
Contact

Rua Monte Alegre, 61 - cj 81
Sao Paulo, BRA, 05014-000
BRA Phone: +55-11-3868-1997
Contact us