XOOPS vulnerabilities and multiple updates

By N-Stalker Team on December 30, 2008

N-Stalker has made available the latest database update for its Web Application Security Assessment Products.

You will be able to download it automatically in the following versions:

  • N-Stalker Web Application Security Scanner 2006 (Enterprise, QA and Infrastructure Edition)
    • WSI Update (N-Stalker Update Manager)
  • N-Stealth HTTP Security Scanner (not updated)

You should receive it automatically the next time you run the scanner.

If you prefer to download it manually, please use the following URL: https://customer.nstalker.com.

If you need any additional assistance during this process, please contact us at:
Web: Open a new support ticket at https://customer.nstalker.com
E-mail: http://www.nstalker.com/about/contact (24 hours) or
Phone: +55-11-3675-7093 (9:00 to 18:00, GMT-0300)

This release includes the following vulnerabilities:

  • Mediatheka 4.2 Index.PHP Local File Include Vulnerability
  • Multiple ASP SiteWare Products 2.0 Detail.ASP SQL Injection Vulnerability [CVE-2007-0053]
  • Multiple ASP SiteWare Products 2.0 Type2.ASP SQL Injection Vulnerability
  • Multiple ASP SiteWare Products 2.0 Type.ASP SQL Injection Vulnerability
  • FLDS Free Links Directory Script 1.2a Redir.PHP SQL Injection Vulnerability
  • PHP Weather 2.2.2 Make_Config.PHP Cross Site Scripting Vulnerability
  • PHP Weather 2.2.2 Test.PHP Local File Include Vulnerability
  • icash Click&Rank User.ASP Cross Site Scripting Vulnerability
  • icash ClickAndEmail Admin_Dblayers.ASP SQL Injection Vulnerability
  • icash ClickAndEmail Admin_Dblayers.ASP Cross Site Scripting Vulnerability
  • icash Click&BaneX Admin_Menu.ASP SQL Injection Vulnerability
  • icash Click&BaneX User_Menu.ASP ID Parameter SQL Injection Vulnerability
  • icash Click&BaneX User_Menu.ASP USERNAME Parameter SQL Injection Vulnerability
  • icash Click&Rank User_Delete.ASP SQL Injection Vulnerability
  • icash Click&Rank Hitcounter.ASP SQL Injection Vulnerability
  • icash Click&Rank User_Update.ASP SQL Injection Vulnerability
  • Flatnux Index.PHP HTML Injection Vulnerability
  • Simple Text-File Login script 1.0.6 Slogin_Lib.Inc.PHP Remote File Include Vulnerability
  • r.cms 2.0 Index.PHP SQL Injection Vulnerability
  • r.cms 2.0 Produkte.PHP SQL Injection Vulnerability
  • r.cms 2.0 Referenzdetail.PHP SQL Injection Vulnerability
  • MyPHPsite Index.PHP Local File Include Vulnerability
  • Phpclanwebsite 1.3.23 Box.PHP Directory Traversal Vulnerability
  • Phpclanwebsite 1.3.23 Index.PHP SEARCHVALUE Parameter SQL Injection Vulnerability
  • Phpclanwebsite 1.3.23 Index.PHP PCWLOGIN Parameter SQL Injection Vulnerability
  • Phpclanwebsite 1.3.23 Footer.PHP Directory Traversal Vulnerability
  • 2532|Gigs 1.2.2 Index.PHP SQL Injection Vulnerability
  • I-RATER Basic Messages.PHP SQL Injection Vulnerability
  • EasySiteNetwork Jokes Complete Website Joke.PHP SQL Injection Vulnerability
  • DO-CMS 3.0 Index.PHP SQL Injection Vulnerability
  • Tech Articles Joomla! Component Index.PHP SQL Injection Vulnerability
  • ASP-DEV XM Events Diary Default.ASP SQL Injection Vulnerability
  • ASPired2Blog Blog_Comments.ASP SQL Injection Vulnerability
  • Social Groupie Group_Index.PHP SQL Injection Vulnerability
  • InSun FeedCms 1.7.3 Local File Include Vulnerability
  • WebPhotoPro Art.PHP SQL Injection Vulnerability
  • WebPhotoPro Ribrika.PHP SQL Injection Vulnerability
  • WebPhotoPro Galeri_Info.PHP SQL Injection Vulnerability
  • WebPhotoPro Rub.PHP SQL Injection Vulnerability
  • CMS ISWEB 3.0 Index.PHP Cross Site Scripting Vulnerability
  • CMS ISWEB 3.0 Index.PHP SQL Injection Vulnerability
  • Pro Chat Rooms 3.0.2 Index.PHP Cross Site Scripting Vulnerability
  • phpAddEdit 1.3 Addedit-Render.PHP Local File Include Vulnerability
  • CFMSource CF_Calendar Calendarevent.CFM SQL Injection Vulnerability
  • CFMSource CFMBlog Index.CFM SQL Injection Vulnerability
  • CF_Auction and CF_Forum Forummessages.CFM SQL Injection Vulnerability
  • CF Shopkart 5.2.2 Index.CFM SQL Injection Vulnerability
  • eZoneScripts Living Local 1.1 Listtest.PHP Cross Site Scripting Vulnerability
  • PunBB 1.3.1 Login.PHP Cross Site Scripting Vulnerability [CVE-2008-5433]
  • ASP-CMS 1.0 Index.ASP SQL Injection Vulnerability
  • Netref 4.0 Presentation.PHP SQL Injection Vulnerability [CVE-2008-5561]
  • Netref 4.0 Fiche_Product.PHP SQL Injection Vulnerability [CVE-2008-5561]
  • PEEL 3.1 index.PHP SQL Injection Vulnerability
  • PHP Multiple Newsletters 2.7 Index.PHP Cross Site Scripting Vulnerability [CVE-2008-5566]
  • PHPmyGallery 1.5 Common-Tpl-Vars.PHP Local File Include Vulnerability
  • PHPmyGallery 1.5 Common-Tpl-Vars.PHP Remote File Include Vulnerability
  • PHPmyGallery Common-Tpl-Vars.PHP Remote File Include Vulnerability
  • PHPmyGallery 1.51 Index.PHP Directory Traversal Vulnerability [CVE-2008-5598]
  • Tag Board 4 phpBB3 3.0.2 Tag_Board.PHP SQL Injection Vulnerability
  • Secure Downloads 2.0.0 for vBulletin 'fileinfo.php' SQL Injection Vulnerability
  • Yaplap 0.6.1 Ldap.PHP Remote File Include Vulnerability [CVE-2006-6575]
  • PhPepperShop 1.4 Kontakt.PHP Cross Site Scripting Vulnerability [CVE-2008-5569]
  • PhPepperShop 1.4 SHOP_KONFIGURATION.PHP Cross Site Scripting Vulnerability [CVE-2008-5569]
  • PhPepperShop 1.4 Shop_Kunden_Mgmt.PHP Cross Site Scripting Vulnerability [CVE-2008-5569]
  • PhPepperShop 1.4 Index.PHP Cross Site Scripting Vulnerability [CVE-2008-5569]
  • PrestaShop 1.1 Order.PHP Cross-Site Scripting Vulnerability
  • PrestaShop 1.1 Login.PHP Cross-Site Scripting Vulnerability
  • PHP Multiple Newsletters 2.7 Index.PHP Local File Include Vulnerability [CVE-2008-5570]
  • XOOPS 2.3.2 Main.PHP Local File Include Vulnerability
  • XOOPS 2.3.2 Blocks.PHP Local File Include Vulnerability
  • yMonda Thread-IT 1.6 Treplies.ASP SQL Injection Vulnerability
  • TWiki 4.2.3 URLPARAM Variable Cross Site Scripting Vulnerability [CVE-2008-5304]
  • ASPToys ASP Portal Classifieds.ASP SQL Injection Vulnerability [CVE-2008-5605]
  • ASPToys ASP Portal Events.ASP SQL Injection Vulnerability [CVE-2008-5605]
  • Multiple Membership Script 2.5 Sitepage.PHP SQL Injection Vulnerability
  • RankEm Rankup.ASP SQL Injection Vulnerability
  • ASPToys Teamworx Server Default.ASP SQL Injection Vulnerability
  • lcxbbportal 0.1 Acp_Lcxbbportal.PHP Remote File Include Vulnerability [CVE-2008-5585]
  • lcxbbportal 0.1 Portal_Block.PHP Remote File Include Vulnerability [CVE-2008-5585]
  • Nightfall Personal Diary Login.ASP Cross Site Scripting Vulnerability
  • ASP AutoDealer Detail.ASP SQL Injection Vulnerability
  • PostEcards Sendcard.CFM SQL Injection Vulnerability [CVE-2008-5559]
  • yappa-ng Index.PHP Cross Site Scripting Vulnerability
  • PHPSTREET Webboard 1.0 Show.PHP SQL Injection Vulnerability
  • ASPApps.com Template Creature Media_Level.ASP SQL Injection Vulnerability
  • ImpressCMS 1.0.2 RANK_TITLE Parameter HTML Injection Vulnerability
  • ccTiddly 1.7.4 Workspace.PHP Remote File Include Vulnerability
  • ccTiddly 1.7.4 Include.PHP Remote File Include Vulnerability
  • ccTiddly 1.7.4 Header.PHP Remote File Include Vulnerability
  • ccTiddly 1.7.4 Proxy.PHP Remote File Include Vulnerability
  • ccTiddly 1.7.4 Index.PHP Remote File Include Vulnerability
  • ccTiddly 1.7.4 Rss.PHP Remote File Include Vulnerability
  • RevSense 1.0 Index.PHP SQL Injection Vulnerability
  • RevSense 1.0 Index.PHP SECTION Parameter Cross Site Scripting Vulnerability
  • RevSense 1.0 Index.PHP Cross Site Scripting Vulnerability
  • Mini-CMS 1.0.1 Index.PHP PAGE Parameter Local File Include Vulnerability [CVE-2008-5593]
  • Mini-CMS 1.0.1 Index.PHP ADMIN Parameter Local File Include Vulnerability [CVE-2008-5593]
  • PHPmyGallery 1.51 Index.PHP Directory Traversal Vulnerability
  • Kalptaru Infotech Product Sale Framework 0.1 Customer.Forumtopic.PHP SQL Injection Vulnerability
  • BPowerHouse Mini Blog 1.0.1 Index.PHP PAGE Parameter Local File Include Vulnerability [CVE-2008-5594]
  • BPowerHouse Mini Blog 1.0.1 Index.PHP ADMIN Parameter Local File Include Vulnerability [CVE-2008-5594]
  • phpPgAdmin 4.1.2 Index.PHP Local File Include Vulnerability
  • Tribiq CMS 5.0.11 Index.PHP SQL Injection Vulnerability
  • Drennan Software My Simple Forum 3.0 Index.PHP Local File Include Vulnerability
  • SEO phpBB 1.1 Include/Global.PHP Remote File Include Vulnerability
  • Gravity GTD 0.4.5 PHP Rpc.PHP Local File Include Vulnerability
  • Gravity GTD 0.4.5 Rpc.PHP PHP Code Injection Vulnerability
  • Joomla! and Mambo Mydyngallery Component Index.PHP SQL Injection Vulnerability
  • Rae Media Web Based Contact Management Login SQL Injection Vulnerability
  • Mxmania Gallery MX 2.0 Pics_Pre.ASP SQL Injection Vulnerability
  • JMovies Joomla! Component 1.1 Index.PHP SQL Injection Vulnerability
  • Calendar MX Professional 2.0 Calendar_Eventupdate.ASP SQL Injection Vulnerability
  • i-Net Solution Orkut Clone Profile_Social.PHP SQL Injection Vulnerability
  • i-Net Solution Orkut Clone Profile_Social.PHP Cross Site Scripting Vulnerability
  • Z1Exchange 1.0 Showads.PHP SQL Injection Vulnerability
  • Z1Exchange 1.0 Showads.PHP Cross Site Scripting Vulnerability
  • Check Up New Generation 4.52 Findoffice.PHP SQL Injection Vulnerability
  • Sunbyte eFlower Popupproduct.PHP SQL Injection Vulnerability
  • Ocean12 Mailing List Manager Gold Default.ASP Cross Site Scripting Vulnerability
  • Ocean12 Mailing List Manager Gold S_Edit.ASP SQL Injection Vulnerability
  • Fantastico Index.PHP Local File Include Vulnerability
  • Pre ASP Job Board Emp_Login.ASP Cross Site Scripting Vulnerability
  • ASP Forum Script Default.ASP Cross Site Scripting Vulnerability
  • ASP Forum Script Messages.ASP Cross Site Scripting Vulnerability
  • ASP Forum Script Messages.ASP SQL Injection Vulnerability
  • ASP Forum Script New_Message.ASP Cross Site Scripting Vulnerability
  • PHP JOBWEBSITE PRO Forgot.PHP SQL Injection Vulnerability
  • PHP JOBWEBSITE PRO Forgot.PHP Cross Site Scripting Vulnerability
  • Pre Shopping Mall Search.PHP SQL Injection and Cross Site Scripting Vulnerability
  • Pre Shopping Mall Search.PHP SQL Injection Vulnerability
  • Pre Classified Listings 1.0 Detailad.ASP SQL Injection Vulnerability
  • CodeToad ASP Shopping Cart Script Cross Site Scripting Vulnerability
  • Softbiz Classifieds Script Showcategory.PHP Cross Site Scripting Vulnerability
  • Softbiz Classifieds Script Index.PHP Cross Site Scripting Vulnerability
  • Softbiz Classifieds Script Adminhome.PHP Cross Site Scripting Vulnerability
  • Softbiz Classifieds Script Lostpassword.PHP Cross Site Scripting Vulnerability
  • Softbiz Classifieds Script Gallery.PHP Cross Site Scripting Vulnerability
  • Softbiz Classifieds Script Signinform.PHP Cross Site Scripting Vulnerability
  • RakhiSoftware Shopping Cart Product.PHP SQL Injection Vulnerability
  • RakhiSoftware Shopping Cart Product.PHP CATEGORY_ID Parameter Cross-Site Scripting Vulnerability
  • RakhiSoftware Shopping Cart Product.PHP SUBCATEGORY_ID Parameter Cross-Site Scripting Vulnerability
  • bcoos 1.0.13 Viewcat.PHP SQL Injection Vulnerability
  • Z1Exchange 1.0 Edit.PHP SQL Injection Vulnerability
  • Broadcast Machine 0.1 MySQLController.PHP Remote File Include Vulnerability
  • Broadcast Machine 0.1 SQLController.PHP Remote File Include Vulnerability
  • Broadcast Machine 0.1 SetupController.PHP Remote File Include Vulnerability
  • Broadcast Machine 0.1 VideoController.PHP Remote File Include Vulnerability
  • Broadcast Machine 0.1 ViewController.PHP Remote File Include Vulnerability
  • Pre Classified Listings 1.0 Signup.ASP Cross Site Scripting Vulnerability
  • ActiveWebSoftwares Active Business Directory 2 Default.ASP SQL Injection Vulnerability
  • ActiveWebSoftwares Active Price Comparison 4 Links.ASP SQL Injection Vulnerability
  • ActiveWebSoftwares Active Test 2.1 Quiztakers.ASP SQL Injection Vulnerability
  • ActiveWebSoftwares Active Test 2.1 Questions.ASP SQL Injection Vulnerability
  • ActiveWebSoftwares Active Test 2.1 Importquestions.ASP SQL Injection Vulnerability
  • ActiveWebSoftwares Active Web Helpdesk 2 Default.ASP SQL Injection Vulnerability
  • ActiveWebSoftwares Active Web Mail 4 Quiztakers.ASP SQL Injection Vulnerability
  • ActiveWebSoftwares Active Web Mail 4 Questions.ASP SQL Injection Vulnerability
  • ActiveWebSoftwares Active Web Mail 4 Importquestions.ASP SQL Injection Vulnerability
  • ActiveWebSoftwares Active Bids 3.5 Bidhistory.ASP SQL Injection Vulnerability
  • ActiveWebSoftwares ActiveVotes 2.2 VoteHistory.ASP SQL Injection Vulnerability [CVE-2008-5365]
  • KTP Computer Customer Database TID Parameter SQL Injection Vulnerability
  • Minimal ABlog 0.4 Index.PHP SQL Injection Vulnerability
  • Lito Lite Cate.PHP SQL Injection Vulnerability
  • ActiveWebSoftwares ASPReferral 5.3 Merchantsadd.ASP SQL Injection Vulnerability
  • ParsBlogger Blog.ASP Cross Site Scripting Vulnerability
  • Multiple Ocean12 Products Login.ASP SQL Injection Vulnerability
  • BusinessVein PHP TV Portal 'index.php' SQL Injection Vulnerability
  • Basic CMS Index.PHP Cross Site Scripting Vulnerability
  • Venalsur Booking Centre 2.01 Hotel.PHP Cross-Site Scripting Vulnerability
  • Venalsur Booking Centre 2.01 Cadena_Paquetes_Ext.PHP Cross-Site Scripting Vulnerability
  • Venalsur Booking Centre 2.01 Hotel_Habitaciones.PHP SQL Injection Vulnerability
  • Venalsur Booking Centre 2.01 Hotel.PHP SQL Injection Vulnerability
  • Ocean12 Mailing List Manager Gold 2.04 EMAIL Parameter SQL Injection Vulnerability
  • Ocean12 FAQ Manager Pro KEYWORD Parameter Cross Site Scripting Vulnerability
  • Ocean12 FAQ Manager Pro ID Parameter SQL Injection Vulnerability
  • CMS Little 0.0.1 Index.PHP SQL Injection Vulnerability
  • Bluo 1.2 Index.PHP SQL Injection Vulnerability
  • Web Calendar System 3.40 Calendar.ASP Cross Site Scripting Vulnerability
  • Web Calendar System 3.40 Calendar.ASP SQL Injection Vulnerability
  • Basic PHP CMS Index.PHP SQL Injection Vulnerability
  • Livio.net WEB Calendar 3.30 Calendar.ASP SQL Injection Vulnerability
  • Livio.net WEB Calendar 3.30 Calendar.ASP Cross Site Scripting Vulnerability
  • Turnkey Arcade Script Index.PHP SQL Injection Vulnerability
  • PageTree CMS 0.0.2 Main.PHP Remote File Include Vulnerability
  • Ocean12 Contact Manager Pro 1.02 Default.ASP Cross Site Scripting Vulnerability
  • Ocean12 Contact Manager Pro 1.02 Default.ASP SQL Injection Vulnerability
  • AssoCIateD 1.4.4 Index.PHP Cross Site Scripting Vulnerability
  • TxtBlog 1.0 Index.PHP Local File Include Vulnerability
  • Star Articles 6.0 Article.Download.PHP SQL Injection Vulnerability
  • Linksys WRT160N Apply.CGI Cross-Site Scripting Vulnerability
  • ParsBlogger Blog.ASP SQL Injection Vulnerability
  • Post Affiliate Pro 3.0 Index.PHP SQL Injection Vulnerability
  • CMS Ortus 1.13 Edit User Profile SQL Injection Vulnerability
  • fuzzylime (cms) 3.03 Code/Track.PHP Local File Include Vulnerability [CVE-2008-5291]
  • Werner Hilversum FAQ Manager 1.2 Include/Header.PHP Remote File Include Vulnerability [CVE-2008-5288]
  • Chipmunk Topsites Index.PHP Cross Site Scripting Vulnerability
  • Chipmunk Topsites Authenticate.PHP SQL Injection Vulnerability
  • VideoGirls View_Snaps.PHP SQL Injection Vulnerability [CVE-2008-5292]
  • Werner Hilversum Clean CMS 1.5 Full_Txt.PHP Cross Site Scripting Vulnerability [CVE-2008-5290]
  • Werner Hilversum Clean CMS 1.5 Full_Txt.PHP SQL Injection Vulnerability [CVE-2008-5289]
  • Werner Hilversum FAQ Manager 1.2 Catagorie.PHP SQL Injection Vulnerability [CVE-2008-5287]
  • Pie RSS Module 0.1 Rss.PHP Remote File Include Vulnerability
  • MODx CMS 0.9.6.2 Snippet.Reflect.PHP Remote File Include Vulnerability
  • MicroHellas ToursManager Tourview.PHP SQL Injection Vulnerability
  • COMS Dynamic.PHP Cross Site Scripting Vulnerability
  • NitroTech 0.03 Members.PHP SQL Injection Vulnerability [CVE-2008-5333]
  • Bandwebsite 1.5 Info.PHP Cross Site Scripting Vulnerability [CVE-2008-5338]
  • Bandwebsite 1.5 Lyrics.PHP SQL Injection Vulnerability [CVE-2008-5337]
  • Ez Ringtone Manager Information Disclosure Vulnerability
  • Pilot Group PG Job Site Pro Homepage.PHP SQL Injection Vulnerability
  • Prozilla Hosting Index Directory.PHP SQL Injection Vulnerability
  • NetArt Media Car Portal 2.0 Image.PHP SQL Injection Vulnerability [CVE-2008-5311]
  • ZoGo-Shop 1.15.4 Product_Details.PHP SQL Injection Vulnerability
  • Vlog System 1.1 Blog.PHP SQL Injection Vulnerability
  • eXtrovert Software Thyme 1.0 Joomla! Component SQL Injection Vulnerability
  • PHP-Fusion 7.0.1 Messages.PHP SQL Injection Vulnerability [CVE-2008-5335]
  • NatterChat 1.1 Login.ASP SQL Injection Vulnerability
  • SocialEngine 2.7 Profile_Comments.PHP SQL Injection Vulnerability
  • PunPortal 1.0 Login.PHP Local File Include Vulnerability
  • refbase 0.9 Search.PHP Cross Site Scripting Vulnerability
  • refbase 0.9 Show.PHP Cross Site Scripting Vulnerability
  • Easyedit Page.PHP SQL Injection Vulnerability
  • Easyedit Subcategory.PHP SQL Injection Vulnerability
  • Easyedit News.PHP SQL Injection Vulnerability
  • W3matter AskPert Index.PHP SQL Injection Vulnerability
  • Pre ASP Job Board Emp_Login.ASP SQL Injection Vulnerability
