Joomla RSS Reader vulnerability and multiple updates

By N-Stalker Team on December 4, 2008

N-Stalker has made available the latest database update for its Web Application Security Assessment Products.

You will be able to download it automatically in the following versions:

  • N-Stalker Web Application Security Scanner 2006 (Enterprise, QA and Infrastructure Edition)
    • WSI Update (N-Stalker Update Manager)
  • N-Stealth HTTP Security Scanner (not updated)

You should receive it automatically the next time you run the scanner.

If you prefer to download it manually, please use the following URL: https://customer.nstalker.com.

If you need any additional assistance during this process, please contact us at:
Web: Open new support ticket at https://customer.nstalker.com
E-mail: http://www.nstalker.com/about/contact (24hs) or
Phone: +55-11-3675-7093 (9am to 18pm GMT-0300)

This release includes the following vulnerabilities:

  • MauryCMS 0.53.2 Rss.PHP SQL Injection Vulnerability
  • MyTopix 1.3 Index.PHP SQL Injection Vulnerability
  • Pluck 4.5.3 Pcltar.Lib.PHP Local File Include Vulnerability
  • Kimson CMS Bbs.Track.PHP Cross Site Scripting Vulnerability
  • UltraStats 0.3.11 Login.PHP SQL Injection Vulnerability
  • Simple Customer 1.2 Login.PHP SQL Injection Vulnerability
  • phpFan 3.3.4 Init.PHP Remote File Include Vulnerability
  • Jadu Galaxies Documents.PHP SQL Injection Vulnerability
  • E-topbiz AdManager 4.0 View.PHP SQL Injection Vulnerability
  • ActiveCampaign TrioLive 1.58.6 Index.PHP SQL Injection Vulnerability [CVE-2008-5055]
  • ActiveCampaign TrioLive 1.58.6 Index.PHP Cross Site Scripting Vulnerability [CVE-2008-5056]
  • QuadComm Q-Shop 3.0 Search.ASP SQL Injection Vulnerability
  • QuadComm Q-Shop 3.0 Search.ASP Cross Site Scripting Vulnerability
  • BoutikOne CMS Search.PHP Cross Site Scripting Vulnerability [CVE-2008-5126]
  • OpenASP 3.0 Default.ASP SQL Injection Vulnerability
  • phpstore.info Yahoo Answers-Like Index.PHP SQL Injection Vulnerability
  • Flosites Blog Index.PHP CATEGORY Parameter SQL Injection Vulnerability
  • Flosites Blog Index.PHP CAT Parameter SQL Injection Vulnerability
  • Wholesale Track.PHP SQL Injection Vulnerability
  • ClipShare Pro 1.5.3 Channel_Detail.PHP SQL Injection Vulnerability
  • HOSTNOMI Real Estate Portal Pro Index.PHP SQL Injection Vulnerability
  • TurnkeyForms Text Link Sales Admin.PHP Cross Site Scripting Vulnerability
  • TurnkeyForms Text Link Sales Admin.PHP SQL Injection Vulnerability
  • MemHT Portal 4.0.1 Ajax_Rating.PHP SQL Injection Vulnerability [CVE-2008-5132]
  • Joomla! Simple RSS Reader Component 1.0 Admin.Rssreader.PHP Remote File Include Vulnerability [CVE-2008-5053]
  • AlstraSoft Article Manager Pro 1.6 Admin.PHP SQL Injection Vulnerability
  • PozScripts Business Directory Showcategory.PHP SQL Injection Vulnerability
  • SlimCMS 1.0 Edit.PHP SQL Injection Vulnerability
  • Bankoi Webhost Panel 1.20 Login.ASP SQL Injection Vulnerability
  • Digital Greys Contact Information Module 2.1 Joomla! Component SQL Injection Vulnerability
  • Joomla! and Mambo Books Component Index.PHP SQL Injection Vulnerability
  • AJPoll Newpoll.PHP SQL Injection Vulnerability
  • FreshScripts Fresh Email Script 1.11 Url.PHP Remote File Include Vulnerability
  • Dizi Portali Film.ASP SQL Injection Vulnerability [CVE-2008-5057]
  • OTManager 2.4 Admin/ADM_Pagina.PHP Remote File Include Vulnerability
  • Cyberfolio 7.12.2 Css.PHP Local File Include Vulnerability
  • Joomla! JooBlog Component 0.1.1 Index.PHP SQL Injection Vulnerability
  • Zeeways ZEEPROPERTY 1.0 View_Prop_Details.PHP Cross Site Scripting Vulnerability
  • Zeeways ZEEMATRI 3.0 Bannerclick.PHP SQL Injection Vulnerability
  • Joomla! and Mambo Catalog Production Component Index.PHP SQL Injection Vulnerability
  • MemHT Portal 4.0 English.PHP SQL Injection Vulnerability
  • MoinMoin 1.8 Cross-Site Scripting Vulnerability
  • Openfire 3.6.0 Login.JSP Cross-Site Scripting Vulnerability
  • Indiscripts Enthusiast 3.1.4 Show_Joined.PHP Remote File Include Vulnerability
  • Pre Real Estate Listings Login.PHP SQL Injection Vulnerability
  • PHP Auto Listings Script Adminlogin.PHP SQL Injection Vulnerability
  • E-topbiz eStore 3.0 Index.PHP SQL Injection Vulnerability
  • Domain Seller Pro 1.5 Index.PHP SQL Injection Vulnerability
  • MyioSoft EasyBookMarker 4.0 Bookmarker_Backend.PHP SQL Injection Vulnerability
  • E-topbiz Number Links 1 Admin_Catalog.PHP SQL Injection Vulnerability
  • Mole Group Rental Script Login.PHP SQL Injection Vulnerability
  • DeltaScripts PHP Classifieds 7.5 Detail.PHP SQL Injection Vulnerability
  • Multiple MyioSoft Products 4.0 Login Screen SQL Injection Vulnerability
  • Mini Web Calendar 1.2 Local File Include Vulnerability
  • Mini Web Calendar 1.2 Cross-Site Scripting Vulnerability
  • Recly!Competitions Component 1.0 Add.PHP Remote File Include Vulnerability
  • Recly!Competitions Component 1.0 Competitions.PHP Remote File Include Vulnerability
  • Recly!Competitions Component 1.0 Settings.PHP Remote File Include Vulnerability
  • Recly Feederator 1.0.5 Edit_Tmsp.PHP Remote File Include Vulnerability
  • Recly Feederator 1.0.5 Add_Tmsp.PHP Remote File Include Vulnerability
  • Recly Feederator 1.0.5 Subscription.PHP Remote File Include Vulnerability
  • Recly Feederator 1.0.5 Tmsp.PHP Remote File Include Vulnerability
  • Clickheat 1.0.1 GlobalVariables.PHP Remote File Include Vulnerability
  • Clickheat 1.0.1 Install.Clickheat.PHP Remote File Include Vulnerability
  • Clickheat 1.0.1 _Main.PHP Remote File Include Vulnerability
  • Clickheat 1.0.1 Heatmap/Main.PHP Remote File Include Vulnerability
  • Clickheat 1.0.1 Main.PHP Remote File Include Vulnerability
  • Clickheat 1.0.1 Cache.PHP Remote File Include Vulnerability
  • Clickheat 1.0.1 Clickheat_Heatmap.PHP Remote File Include Vulnerability
  • E-topbiz Online Store 1.0 Login.PHP SQL Injection Vulnerability
  • Parallels Plesk Billing Index.PHP Cross Site Scripting Vulnerability [CVE-2008-5059]
  • SoftComplex PHP Image Gallery 1.0 Index.PHP SQL Injection Vulnerability
  • e-Vision CMS 2.0.2 Add3rdparty.PHP Local File Include Vulnerability
  • e-Vision CMS 2.0.2 Addplain.PHP Local File Include Vulnerability
  • e-Vision CMS 2.0.2 Addproduct.PHP Local File Include Vulnerability
  • e-Vision CMS 2.0.2 Addarticles.PHP Local File Include Vulnerability
  • e-Vision CMS 2.0.2 Addtour.PHP Local File Include Vulnerability
  • e-Vision CMS 2.0.2 Addgame.PHP Local File Include Vulnerability
  • e-Vision CMS 2.0.2 Addnewsletter.PHP Local File Include Vulnerability
  • e-Vision CMS 2.0.2 Addbrandnews.PHP Local File Include Vulnerability
  • e-Vision CMS 2.0.2 Addcontact.PHP Local File Include Vulnerability
  • e-Vision CMS 2.0.2 Addpolling.PHP Local File Include Vulnerability
  • TurnkeyForms Local Classifieds Listtest.PHP SQL Injection Vulnerability
  • TurnkeyForms Local Classifieds Listtest.PHP Cross Site Scripting Vulnerability
  • TurnkeyForms Software Directory 1.0 Signinform.PHP Cross Site Scripting Vulnerability
  • TurnkeyForms Software Directory 1.0 Showcategory.PHP SQL Injection Vulnerability
  • Mole Group Pizza Script Index.PHP SQL Injection Vulnerability [CVE-2008-5046]
  • Mole Group Pizza Script Index.PHP MANUFACTURERS_ID Parameter SQL Injection Vulnerability [CVE-2008-5046]
  • TurnkeyForms Business Survey Pro 1.0 Survey_Results_Text.PHP SQL Injection Vulnerability
  • DeltaScripts PHP Links 1.3 Adm_Login.PHP SQL Injection Vulnerability
  • DeltaScripts PHP Classifieds 7.3 Login.PHP SQL Injection Vulnerability
