SAP Business Objects vulnerabilities and multiple updates

By N-Stalker Team on April 23, 2009

N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the N-Stalker 2009 and 2006 versions. It should download automatically the next time you run N-Stalker Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note: N-Stalker 2006 Version has been discontinued since March 31st, 2009. You must upgrade to N-Stalker 2009 to obtain our technical support.

This release includes patterns for the following vulnerabilities:

  • Online Photo Pro 2.0 Index.PHP Cross Site Scripting Vulnerability
  • TotalCalendar 2.4 Config.PHP Remote File Include Vulnerability
  • FunGamez Login.PHP SQL Injection Vulnerability
  • FunGamez Index.PHP Local File Include MODULE Parameter Vulnerability
  • FunGamez Index.PHP Local File Include Vulnerability
  • Seditio Events Plugin 1.0 Plug.PHP SQL Injection Vulnerability
  • WEBBDOMAIN WebShop 1.02 Detail.PHP NAME Parameter Cross-Site Scripting Vulnerability – [CVE-2008-6629]
  • WEBBDOMAIN WebShop 1.02 Detail.PHP Cross-Site Scripting Vulnerability – [CVE-2008-6629]
  • WEBBDOMAIN WebShop 1.02 Detail.PHP SQL Injection Vulnerability – [CVE-2008-6628]
  • Geeklog 1.5.2 Usersettings.PHP SQL Injection Vulnerability – [CVE-2008-6628]
  • FreeWebShop 2.2.9 Startmodules.Inc.PHP Local File Include Vulnerability – [CVE-2008-6628]
  • razorCMS 0.3RC2 Index.PHP SLAB Parameter Cross-Site Script Vulnerability – [CVE-2008-6628]
  • razorCMS 0.3RC2 Index.PHP CAT Parameter Cross-Site Script Vulnerability – [CVE-2008-6628]
  • Job2C 4.2 Windetail.PHP Local File Include Vulnerability – [CVE-2008-6628]
  • Job2C 4.2 Detail.PHP Local File Include Vulnerability – [CVE-2008-6628]
  • SMA-DB 0.3.13 Format.PHP PAGE_CSS Parameter Remote File Include Vulnerability – [CVE-2008-6628]
  • SMA-DB 0.3.13 Format.PHP PAGE_JAVASCRIPT Parameter Remote File Include Vulnerability – [CVE-2008-6628]
  • SMA-DB 0.3.13 Format.PHP PAGE_CONTENT Parameter Remote File Include Vulnerability – [CVE-2008-6628]
  • NetHoteles 3.0 Ficha.PHP SQL Injection Vulnerability – [CVE-2009-1346]
  • Phorum 5.2.10 Admin.PHP BADWORDS Parameter Cross Site Scripting Vulnerability – [CVE-2009-1346]
  • Phorum 5.2.10 Admin.PHP BANLIST Parameter Cross Site Scripting Vulnerability – [CVE-2009-1346]
  • LinPHA 1.3.3 Login.PHP Cross-Site Scripting Vulnerability – [CVE-2008-6571]
  • LinPHA 1.3.3 New_Images.PHP ORDER Parameter Cross-Site Scripting Vulnerability – [CVE-2008-6571]
  • LinPHA 1.3.3 New_Images.PHP PN Parameter Cross-Site Scripting Vulnerability – [CVE-2008-6571]
  • GuestCal 2.1 Index.PHP Local File Include Vulnerability – [CVE-2009-1319]
  • RQMS 1.2.2 Index.PHP ID Parameter SQL Injection Vulnerability – [CVE-2009-1319]
  • Aqua CMS 1.1 Index.PHP SQL Injection Vulnerability – [CVE-2009-1317]
  • AbleSpace 1.0 Events_View.PHP SQL Injection Vulnerability – [CVE-2009-1316]
  • AbleSpace 1.0 Events_Clndr_View.PHP SQL Injection Vulnerability – [CVE-2009-1316]
  • AbleSpace 1.0 Groups_Profile.PHP Cross-Site Scripting Vulnerability – [CVE-2009-1315]
  • AbleSpace 1.0 Adv_Cat.PHP Cross-Site Scripting Vulnerability – [CVE-2009-1315]
  • Jamroom 4.0.2 Index.PHP Local File Include Vulnerability – [CVE-2009-1318]
  • Dynamic Flash Forum 1.0 Viewthreads.PHP SQL Injection Vulnerability – [CVE-2009-1318]
  • Dynamic Flash Forum 1.0 Viewmessage.PHP SQL Injection Vulnerability – [CVE-2009-1318]
  • Dynamic Flash Forum 1.0 Viewprofile.PHP SQL Injection Vulnerability – [CVE-2009-1318]
  • Loggix Project 9.4.5 Post.PHP SQL Injection Vulnerability – [CVE-2009-1318]
  • My Dealer CMS 2.0 Login.PHP SQL Injection Vulnerability – [CVE-2009-1318]
  • BackendCMS 5.0 Main.ASP SQL Injection Vulnerability – [CVE-2009-1318]
  • Banshee DAAP Extension 1.4.2 Vs_Diag.CGI Cross Site Scripting Vulnerability – [CVE-2009-1175]
  • ASP Product Catalog 1.0 Search.ASP Cross Site Scripting Vulnerability – [CVE-2009-1321]
  • e107 User Journals Plugin 0.8 Userjournals.PHP SQL Injection Vulnerability – [CVE-2009-1321]
  • FreznoShop 1.3.0 Product_Details.PHP SQL Injection Vulnerability – [CVE-2009-1321]
  • Yellow Duck Weblog 2.1 Check.PHP Local File Include Vulnerability – [CVE-2009-1321]
  • w3bcms Guestbook Module 3.0 Index.Inc.PHP SQL Injection Vulnerability – [CVE-2009-1321]
  • Redaxscript 0.2 Index.PHP Local File Include Vulnerability – [CVE-2009-1321]
  • MoziloCMS 1.11 Index.PHP Local File Include Vulnerability – [CVE-2009-1321]
  • MoziloCMS 1.11 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-1321]
  • net2ftp 0.98 Registerglobals.Inc.PHP Cross-Site Scripting Vulnerability – [CVE-2009-1321]
  • AdaptBB 1.0 Attach.PHP SQL Injection Vulnerability – [CVE-2009-1321]
  • AdaptBB 1.0 Index.PHP PROFILE/BOX Parameter SQL Injection Vulnerability – [CVE-2009-1321]
  • AdaptBB 1.0 Index.PHP MESSAGES/BOX Parameter SQL Injection Vulnerability – [CVE-2009-1321]
  • AdaptBB 1.0 Index.PHP ID Parameter SQL Injection Vulnerability – [CVE-2009-1321]
  • AdaptBB 1.0 Index.PHP PROFILE/BOX Parameter Remote Command Execution Vulnerability – [CVE-2009-1321]
  • AdaptBB 1.0 Index.PHP MESSAGES/BOX Parameter Remote Command Execution Vulnerability – [CVE-2009-1321]
  • Joomla! cmimarketplace Component 0.1 index.PHP Directory Traversal Vulnerability – [CVE-2009-1321]
  • Xplode Module_Wrapper.ASP Cross Site Scripting Vulnerability – [CVE-2009-1321]
  • Xplode Module_Wrapper.ASP SQL Injection Vulnerability – [CVE-2009-1321]
  • COWON America jetAudio 7.0.3 JetFlExt.dll ActiveX Control Insecure Method Vulnerability – [CVE-2007-4983]
  • SASPCMS 0.9 Default.ASP Cross Site Scripting Vulnerability – [CVE-2007-4983]
  • Photo-Graffix 3.4 Wmprocess.PHP Local File Include Vulnerability – [CVE-2007-4983]
  • Maian Music Joomla! Component 1.2.1 Index.PHP SQL Injection Vulnerability – [CVE-2007-4983]
  • Pixie CMS Index.PHP SQL Injection Vulnerability – [CVE-2009-1065]
  • Pixie CMS Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-1067]
  • Joomla! BookJoomlas Component 1.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-1067]
  • FlexCMS 2.5 ITEMID Parameter SQL Injection Vulnerability – [CVE-2009-1067]
  • Gravity Board X 2.0 Index.PHP BOARD_ID Parameter SQL Injection Vulnerability – [CVE-2009-1067]
  • Gravity Board X 2.0 Index.PHP MEMBER_ID Parameter SQL Injection Vulnerability – [CVE-2009-1067]
  • AdaptBB Index.PHP SQL Injection Vulnerability – [CVE-2009-1067]
  • form2list Page.PHP SQL Injection Vulnerability – [CVE-2009-1067]
  • ActiveKB Loadpanel.PHP Local File Include Vulnerability – [CVE-2009-1067]
  • Joomla! RD-Autos Component 1.5.7 Index.PHP MAKEID Parameter SQL Injection Vulnerability – [CVE-2009-1067]
  • Q2 Solutions ConnX 4.0.20080606 FrmLoginPwdReminderPopup.ASPX SQL Injection Vulnerability – [CVE-2009-1067]
  • Asbru Web Content Management 6.6.9 Login.ASP Cross Site Scripting Vulnerability – [CVE-2009-1067]
  • Asbru Web Content Management 6.6.9 Page.ASP SQL Injection Vulnerability – [CVE-2009-1067]
  • KoschtIT Image Gallery 1.82 Ki_Makepic.PHP Local File Include Vulnerability – [CVE-2009-1067]
  • KoschtIT Image Gallery 1.82 Ki_Nojsdisplayimage.PHP Local File Include Vulnerability – [CVE-2009-1067]
  • SAP Business Objects Crystal Reports 10.0 Viewreport.ASP Cross Site Scripting Vulnerability – [CVE-2009-1067]
  • 4CMS Index.PHP Local File Include Vulnerability – [CVE-2009-1067]
  • 4CMS Articles.PHP SQL Injection Vulnerability – [CVE-2009-1067]
  • 4CMS Article.PHP SQL Injection Vulnerability – [CVE-2009-1067]
