SAP cFolders & MyBB vulnerabilities

By N-Stalker Team on May 21, 2009

N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the N-Stalker 2009 and 2006 versions. You should be able to download it automatically the next time you run N-Stalker Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note: The N-Stalker 2006 version has been discontinued as of March 31st, 2009. You must upgrade to N-Stalker 2009 to obtain our technical support.

This release includes patterns for the following vulnerabilities:

  • DGNews 3.0 Berita.PHP SQL Injection Vulnerability
  • Online Rent 5.0 Index.PHP SQL Injection Vulnerability
  • Pluck 4.6.2 Module_Info.PHP Local File Include Vulnerability
  • Flyspeck CMS 6.8 Addressbook.PHP Local File Include Vulnerability
  • Pc4Uploader 9.0 Code.PHP SQL Injection Vulnerability
  • VidShare Pro Listing_Video.PHP SQL Injection Vulnerability
  • MyPic 2.1 Bom.PHP Directory Traversal Vulnerability
  • collector.ch myGesuad 0.9.14 Sitzung.PHP Cross Site Scripting Vulnerability
  • collector.ch myGesuad 0.9.14 Budget.PHP SQL Injection Vulnerability
  • collector.ch myGesuad 0.9.14 Adresse.PHP SQL Injection Vulnerability
  • collector.ch myGesuad 0.9.14 Zahlung.PHP SQL Injection Vulnerability
  • collector.ch myColex 1.4.2 Person.PHP SQL Injection Vulnerability
  • collector.ch myColex 1.4.2 Schlagwort.PHP SQL Injection Vulnerability
  • collector.ch myColex 1.4.2 Kategorie.PHP SQL Injection Vulnerability
  • collector.ch myColex 1.4.2 Medium.PHP SQL Injection Vulnerability
  • collector.ch myColex 1.4.2 Kalender.PHP Cross Site Scripting Vulnerability
  • collector.ch myColex 1.4.2 Ereignis.PHP Cross Site Scripting Vulnerability
  • collector.ch myColex 1.4.2 Kategorie.PHP Cross Site Scripting Vulnerability
  • collector.ch myColex 1.4.2 Image.PHP Cross Site Scripting Vulnerability
  • PHPenpals 1.1 Mail.PHP SQL Injection Vulnerability
  • ArtForms Joomla! Component 2.1b7 Imgcaptcha.PHP Remote File Include Vulnerability
  • ArtForms Joomla! Component 2.1b7 Mp3captcha.PHP Remote File Include Vulnerability
  • ArtForms Joomla! Component 2.1b7 Swfmovie.PHP Remote File Include Vulnerability
  • Cacti 0.8.7 Data_Input.PHP Cross Site Scripting Vulnerability
  • Custom T-shirt Design Script Product.PHP SQL Injection Vulnerability
  • Custom T-shirt Design Script Product.PHP Cross Site Scripting Vulnerability
  • Dream Windows Max CMS 2.0 Ajax.ASP SQL Injection Vulnerability
  • Business Community Script Member_Details.PHP SQL Injection Vulnerability – [CVE-2009-1651]
  • Strawberry 1.1.1 Index.PHP Local File Include Vulnerability – [CVE-2009-1651]
  • SubmitterScript 2.0 Admin Login SQL Injection Vulnerability – [CVE-2009-1651]
  • Answer And Question Script Questiondetail.PHP Cross Site Scripting Vulnerability – [CVE-2009-1651]
  • beLive 0.2.3 Arch.PHP Local File Include Vulnerability – [CVE-2009-1649]
  • tenfourzero.net Shutter 0.1.1 Index.PHP PHOTOID Parameter SQL Injection Vulnerability – [CVE-2009-1649]
  • tenfourzero.net Shutter 0.1.1 Index.PHP TAGID Parameter SQL Injection Vulnerability – [CVE-2009-1649]
  • tenfourzero.net Shutter 0.1.1 Index.PHP ALBUMID Parameter SQL Injection Vulnerability – [CVE-2009-1649]
  • My Game Script 2.0 Admin.PHP SQL Injection Vulnerability – [CVE-2009-1649]
  • Matt Wright FormMail 1.92 FormMail.PL Cross Site Scripting Vulnerability – [CVE-2009-1649]
  • Family Connections 1.8.2 Profile.PHP SQL Injection Vulnerability – [CVE-2009-1649]
  • Scripts for Sites EZ Hot or Not Viewcomments.PHP SQL Injection Vulnerability – [CVE-2008-6776]
  • Open Virtual Desktop 1.0 Applications.PHP Cross Site Scripting Vulnerability – [CVE-2008-6776]
  • Open Virtual Desktop 1.0 Header.PHP Cross Site Scripting Vulnerability – [CVE-2008-6776]
  • Open Virtual Desktop 1.0 Configuration-Partial.PHP Cross Site Scripting Vulnerability – [CVE-2008-6776]
  • Open Virtual Desktop 1.0 Logs.PHP Cross Site Scripting Vulnerability – [CVE-2008-6776]
  • Open Virtual Desktop 1.0 Tasks.PHP Cross Site Scripting Vulnerability – [CVE-2008-6776]
  • Open Virtual Desktop 1.0 Usersgroup.PHP Cross Site Scripting Vulnerability – [CVE-2008-6776]
  • Open Virtual Desktop 1.0 Users.PHP Cross Site Scripting Vulnerability – [CVE-2008-6776]
  • Open Virtual Desktop 1.0 Appsgroup.PHP Cross Site Scripting Vulnerability – [CVE-2008-6776]
  • SFS EZ Affiliate Directory.PHP SQL Injection Vulnerability – [CVE-2008-6780]
  • Php Recommend 1.3 Admin.PHP Remote File Include Vulnerability – [CVE-2008-6780]
  • Php Recommend 1.3 Admin.PHP PHP Code Injection Vulnerability – [CVE-2008-6780]
  • MicroTopic 1.00 Index.PHP SQL Injection Vulnerability – [CVE-2008-6780]
  • Dacio’s Image Gallery 1.6 Index.PHP Local File Include Vulnerability – [CVE-2008-6780]
  • MagpieRSS 0.72 Magpie_Debug.PHP Cross Site Scripting Vulnerability – [CVE-2008-6780]
  • MagpieRSS 0.72 Magpie_Simple.PHP Cross Site Scripting Vulnerability – [CVE-2008-6780]
  • RTWebalbum 1.0.462 Index.PHP SQL Injection Vulnerability – [CVE-2008-6780]
  • LuxBum 0.5.5 Manager.PHP SQL Injection Vulnerability – [CVE-2008-6780]
  • Realty Web-Base 1.0 Admin.PHP SQL Injection Vulnerability – [CVE-2008-6780]
  • webSPELL 4.2 Getlang.PHP SQL Injection Vulnerability – [CVE-2008-6780]
  • ST-Gallery 0.1 Example.PHP SQL Injection Vulnerability – [CVE-2008-6780]
  • Almond Classifieds for Joomla! 5.6.2 Index.PHP SQL Injection Vulnerability – [CVE-2008-6780]
  • Verlihub Control Panel 1.7e Index.HTML Cross-Site Scripting Vulnerability – [CVE-2008-6780]
  • Verlihub Control Panel 1.7e Index.PHP Cross-Site Scripting Vulnerability – [CVE-2008-6780]
  • BluSky CMS Index.PHP SQL Injection Vulnerability – [CVE-2009-1548]
  • pecio cms 1.1.5 Index.PHP Local File Include Vulnerability – [CVE-2009-1519]
  • VerliAdmin 0.3.8 Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-1519]
  • VerliAdmin 0.3.8 Index.PHP Q/NICK Parameter Cross-Site Scripting Vulnerability – [CVE-2009-1519]
  • VerliAdmin 0.3.8 Index.PHP Q Parameter Cross-Site Scripting Vulnerability – [CVE-2009-1519]
  • VerliAdmin 0.3.8 Index.PHP NICK Parameter Cross-Site Scripting Vulnerability – [CVE-2009-1519]
  • TemaTres 1.0.3 Index.PHP SQL Injection Vulnerability – [CVE-2009-1584]
  • TemaTres 1.0.3 Sobre.PHP M Parameter Cross-Site Scripting Vulnerability – [CVE-2009-1583]
  • TemaTres 1.0.3 Sobre.PHP Y Parameter Cross-Site Scripting Vulnerability – [CVE-2009-1583]
  • TemaTres 1.0.3 Sobre.PHP ORD Parameter Cross-Site Scripting Vulnerability – [CVE-2009-1583]
  • TemaTres 1.0.3 Index.PHP EXPRESION_DE_BUSQUEDA Parameter Cross-Site Scripting Vulnerability – [CVE-2009-1583]
  • TemaTres 1.0.3 Index.PHP TEMA Parameter Cross-Site Scripting Vulnerability – [CVE-2009-1583]
  • TemaTres 1.0.3 Index.PHP ESTADO_ID Parameter Cross-Site Scripting Vulnerability – [CVE-2009-1583]
  • TemaTres 1.0.3 Index.PHP LETRA Parameter Cross-Site Scripting Vulnerability – [CVE-2009-1583]
  • TemaTres 1.0.3 Sobre.PHP M Parameter SQL Injection Vulnerability – [CVE-2009-1584]
  • TemaTres 1.0.3 Sobre.PHP Y Parameter SQL Injection Vulnerability – [CVE-2009-1584]
  • Glassfish Enterprise Server 2.1 AuditModuleEdit.JSF Cross Site Scripting Vulnerability – [CVE-2009-1584]
  • Glassfish Enterprise Server 2.1 WebServicesGeneral.JSF Cross Site Scripting Vulnerability – [CVE-2009-1584]
  • Glassfish Enterprise Server 2.1 Registration.JSF Cross Site Scripting Vulnerability – [CVE-2009-1584]
  • Glassfish Enterprise Server 2.1 Resources.JSF Cross Site Scripting Vulnerability – [CVE-2009-1584]
  • Glassfish Enterprise Server 2.1 CustomMBeans.JSF Cross Site Scripting Vulnerability – [CVE-2009-1584]
  • Glassfish Enterprise Server 2.1 Configuration.JSF Cross Site Scripting Vulnerability – [CVE-2009-1584]
  • Glassfish Enterprise Server 2.1 Applications.JSF Cross Site Scripting Vulnerability – [CVE-2009-1584]
  • Glassfish Enterprise Server 2.1 JdbcResourceEdit.JSF Cross Site Scripting Vulnerability – [CVE-2009-1584]
  • MyBB 1.4.5 Cross-Site Scripting Vulnerability – [CVE-2009-1584]
  • MiniTwitter 0.2 Index.PHP SQL Injection Vulnerability – [CVE-2009-1584]
  • Tiger DMS Login SQL Injection Vulnerability – [CVE-2009-1503]
  • Coppermine Photo Gallery 1.4.21 Showdoc.PHP Cross-Site Scripting Vulnerability – [CVE-2009-1503]
  • S-CMS 1.1 Plugin.PHP Local File Include Vulnerability – [CVE-2009-1503]
  • eLitius 1.0 Banner-Details.PHP SQL Injection Vulnerability – [CVE-2009-1506]
  • ProjectCMS 1.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-1500]
  • WebSPELL 4.1.2 Picture.PHP Local File Disclosure Vulnerability – [CVE-2009-1500]
  • MIM:InfiniX 1.2.3 Index.PHP YEAR Parameter SQL Injection Vulnerability – [CVE-2009-1500]
  • MIM:InfiniX 1.2.3 Index.PHP MONTH Parameter SQL Injection Vulnerability – [CVE-2009-1500]
  • Photo-Rigma.BiZ 30 SQL Injection and Cross Site Scripting Vulnerabilities – [CVE-2009-1500]
  • PuterJam’s Blog PJBlog3 3.0.6.170 Action.ASP SQL Injection Vulnerability – [CVE-2009-1481]
  • Linksys WVC54GCA 1.00R24 Wireless-G File.CGI THIS_FILE Parameter Directory Traversal Vulnerabilities – [CVE-2009-1481]
  • Linksys WVC54GCA 1.00R24 Wireless-G File.CGI NEXT_FILE Parameter Directory Traversal Vulnerabilities – [CVE-2009-1481]
  • Thickbox Gallery 2.0 Index.PHP Local File Include Vulnerability – [CVE-2009-1481]
  • Flatchat 3.0 Pmscript.PHP Local File Include Vulnerability – [CVE-2009-1486]
  • ECShop 2.5 User.PHP SQL Injection Vulnerability – [CVE-2009-1486]
  • Dew-NewPHPLinks 2.0 Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-1486]
  • Dew-NewPHPLinks 2.0 Index.PHP Local File Include Vulnerability – [CVE-2009-1486]
  • EZ-Blog Specific.PHP SQL Injection Vulnerability – [CVE-2009-1486]
  • OpenCart 1.1.8 Index.PHP Local File Include Vulnerability – [CVE-2009-1486]
  • MataChat Input.PHP Cross Site Scripting Vulnerability – [CVE-2009-1486]
  • Novell Teaming 1.0 Multiple Cross Site Scripting Vulnerabilities – [CVE-2009-1294]
  • CS Whois Lookup IP Parameter Remote Command Execution Vulnerability – [CVE-2009-1294]
  • WebPortal CMS 0.7.4 Indexk.PHP Remote File Include Vulnerability – [CVE-2009-1444]
  • WebPortal CMS 0.7.4 Index.PHP Local File Include Vulnerability – [CVE-2009-1445]
  • WebPortal CMS 0.7.4 Help.PHP Local File Include Vulnerability – [CVE-2009-1445]
  • Creasito 1.3.16 Checkuser.PHP SQL Injection Vulnerability – [CVE-2009-1445]
  • EZ Webitor Login.PHP SQL Injection Vulnerability – [CVE-2009-1445]
  • cpCommerce 1.2.6 Document.PHP SQL Injection Vulnerability – [CVE-2009-1345]
  • Multi-lingual E-Commerce System 0.2 Local File Include Vulnerability – [CVE-2009-1345]
  • Flatnux 2009-03-27 None_Control_Center/Section.PHP Local File Include Vulnerability – [CVE-2009-1345]
  • Malleo 1.2.3 Admin.PHP Local File Include Vulnerability – [CVE-2009-1345]
  • SAP cFolders Col_Table_Filter.HTM Cross Site Scripting Vulnerability – [CVE-2009-1345]
  • SAP cFolders Me_Ov.HTM Cross Site Scripting Vulnerability – [CVE-2009-1345]
  • MixedCMS 1.0 Beta Mod.PHP Directory Traversal Vulnerability – [CVE-2009-1345]
  • MixedCMS 1.0 Beta Mod.PHP Local File Include Vulnerability – [CVE-2009-1345]
  • MixedCMS 1.0 Beta Mod.PHP MOD Parameter Local File Include Vulnerability – [CVE-2009-1345]
  • VS Panel 7.3.6 Showcat.PHP SQL Injection Vulnerability – [CVE-2009-1345]
  • Quick.CMS.Lite 0.5 Index.PHP SQL Injection Vulnerability – [CVE-2009-1410]
  • CRE Loaded 6.2 Product_Info.PHP SQL Injection Vulnerability – [CVE-2009-1403]
  • NotFTP 1.3.1 Config.PHP Local File Include Vulnerability – [CVE-2009-1407]
  • PastelCMS 0.8 Index.PHP Local File Include Vulnerability – [CVE-2009-1407]
  • PastelCMS 0.8 Admin.PHP SQL Injection Vulnerability – [CVE-2009-1407]
  • TotalCalendar 2.4 Cms_Detect.PHP Local File Include Vulnerability – [CVE-2009-1407]
  • Online Guestbook Pro Ogp_Show.PHP SQL Injection Vulnerability – [CVE-2009-1407]
  • Online Contact Manager 3.0 Delete.PHP Cross Site Scripting Vulnerability – [CVE-2009-1407]
  • Online Contact Manager 3.0 Edit.PHP Cross Site Scripting Vulnerability – [CVE-2009-1407]
  • Online Contact Manager 3.0 Email.PHP Cross Site Scripting Vulnerability – [CVE-2009-1407]
  • Online Contact Manager 3.0 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-1407]
  • Online Contact Manager 3.0 View.PHP Cross Site Scripting Vulnerability – [CVE-2009-1407]
