Zope Vulnerabilities and new updates

By N-Stalker Team on November 6, 2007

N-Stalker has made available the latest database update for its Web Application Security Assessment Products. Following the support life-cycle, we are still distributing updates for previous versions.

You will be able to download it automatically in the following versions:

  • N-Stalker Web Application Security Scanner 2006 (Enterprise, QA and Infrastructure Edition)
    • WSI Update (N-Stalker Update Manager)
  • N-Stealth HTTP Security Scanner (not updated)

You should be able to receive it automatically next time you execute the scanner.

If you prefer to download it manually, please use the following URL: https://customer.nstalker.com.

If you need any additional assistance during this process, please contact us at:
Web: Open a new support ticket at https://customer.nstalker.com
E-mail: http://www.nstalker.com/about/contact (24h) or
Phone: +55-11-3675-7093 (9:00 to 18:00 GMT-0300)

This release has included the following vulnerabilities:

  • Dansie Shopping Cart Server Error Message Installation Path Disclosure Vulnerability
  • gBook 1.4 Administrative Access Vulnerability [CVE-2002-1560]
  • Geeklog 1.3.7 Authentication SQL Injection Vulnerability
  • HTML2WML 0.4.7 Scheme File Arbitrary Access Vulnerability
  • Bookmark4U 1.8.3 Dbase.PHP Remote File Include Vulnerability [CVE-2003-1253]
  • Bookmark4U 1.8.3 Config.PHP Remote File Include Vulnerability [CVE-2003-1253]
  • Bookmark4U 1.8.3 Common.Load.PHP Remote File Include Vulnerability [CVE-2003-1253]
  • Bajie HTTP Server 0.78 Arbitrary Shell Command Execution Vulnerability
  • Acme.Serve v1.7 Arbitrary File Access Vulnerability
  • My Photo Gallery can be arbitrarily manipulated via management interface
  • PHP Information Disclosure on Horde Package
  • Noah Grey Greymatter 1.21 IE Bookmarklet Account Compromise Vulnerability [CVE-2002-0324]
  • Tivo Calypso server will expose configuration details
  • TiVo Client Service may allow download of MP3 and JPG files
  • Tiki 1.7.2 Restricted Pages View Vulnerability
  • Microsoft JET 3.51 Database Engine VBA Vulnerability
  • Arbitrary Password File Disclosure in Guestbook R4
  • Zeus Web Server 3.3.5 Null Terminated Strings Vulnerability
  • Zope 2.9.3 Docutils Information Disclosure Vulnerability [CVE-2006-3458]
  • Zope 2.10.2 HTTP Get Request HTML Injection Vulnerability [CVE-2007-0240]
  • Old Versions of ZOPE might be susceptible to remote attacks
  • Netgear RT314/RT311 Gateway Router Cross-Site Scripting Vulnerability
  • Moodle 1.7.1 Index.PHP Cross Site Scripting Vulnerability [CVE-2007-3555]
  • Claroline 1.8.3 $_SERVER['PHP_SELF'] Parameter Cross-Site Scripting Vulnerability
  • LightBlog 4.1 Add_Comment.PHP Cross-Site Scripting Vulnerability [CVE-2007-3131]
  • Free Domain CO.NR Clone 1.0 Members.PHP SQL Injection Vulnerability
  • E-Annu Home.PHP SQL Injection Vulnerability [CVE-2007-2416]
  • Psipuss 1.0 Editusers.PHP SQL Injection Vulnerability
  • SPHPell 1.01 Spellcheckwindowframeset.PHP Remote File Include Vulnerability
  • SPHPell 1.01 Spellcheckwindow.PHP Remote File Include Vulnerability
  • SPHPell 1.01 Checkpageinc.PHP Remote File Include Vulnerability
  • SPHPell 1.01 Spellchecktext.PHP Remote File Include Vulnerability
  • Buddy Zone 1.0.1 Video_Gallery.PHP SQL Injection Vulnerability
  • Buddy Zone 1.0.1 View_Events.PHP SQL Injection Vulnerability
  • Buddy Zone 1.0.1 View_News.PHP SQL Injection Vulnerability
  • XCMS 1.1 Galerie.PHP Local File Include Vulnerability
  • Ripe Website Manager 0.8.9 Admin_Header.PHP Remote File Include and Information Disclosure Vulnerability
  • Ripe Website Manager 0.8.9 Author_Panel_Header.PHP Remote File Include and Information Disclosure Vulnerability
  • Easybe 1-2-3 Music Store 1.0 Process.PHP Script SQL Injection Vulnerability [CVE-2005-3855]
  • Philboard 1.14 Philboard_forum.ASP SQL Injection Vulnerability [CVE-2007-0920]
  • EWay Default.ASPX Cross-Site Scripting Vulnerability
  • Inertianews 0.02 Inertianews_Main.PHP Remote File Include Vulnerability [CVE-2006-6726]
  • ArcadeBuilder 1.7 Cookie Data SQL Injection Vulnerability
  • PollMentor 2.0 Pollmentorres.ASP SQL Injection Vulnerability [CVE-2007-0984]
  • phpCC 4.2 Nickpage.PHP SQL Injection Vulnerability [CVE-2007-0985]
  • Qdig 1.2.9.3 QWD Variable Cross-Site Scripting Vulnerability [CVE-2007-0876]
