Joomla! Vulnerabilities and multiple updates

By N-Stalker Team on June 15, 2009

N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the N-Stalker 2009 and 2006 versions. It should download automatically the next time you run N-Stalker Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note: The N-Stalker 2006 version has been discontinued since March 31st, 2009. You must upgrade to N-Stalker 2009 to obtain our technical support.

This release includes patterns for the following vulnerabilities:

  • Pivot 1.40.7 User.PHP Cross Site Scripting Vulnerability
  • Pivot 1.40.7 Index.PHP Cross Site Scripting Vulnerability
  • Yogurt 0.3 Inc_Webblogmanager.ASP SQL Injection Vulnerability
  • Yogurt 0.3 Inc_Webblogmanager.ASP Cross-Site Scripting Vulnerability
  • Multiple OrdaSoft Joomla! Components 1.5 Toolbar_Ext.PHP Remote File Include Vulnerability
  • Joomla! AkoBook Component 2.3 Index.PHP SQL Injection Vulnerability
  • Joomla! ComSchool Component 1.4 Index.PHP SQL Injection Vulnerability
  • Ideal MooFAQ Joomla! Component 1.0 File_Includer.PHP Local File Include Vulnerability – [CVE-2009-2015]
  • Joomla! 1.5.10 Index.PHP THEME_HEADER Parameter Cross Site Scripting Vulnerability – [CVE-2009-2015]
  • Joomla! 1.5.10 Index.PHP JA_FONT Parameter Cross Site Scripting Vulnerability – [CVE-2009-2015]
  • Joomla! 1.5.10 Index.PHP RIGHTCOLLAPSEDEFAULT Parameter Cross Site Scripting Vulnerability – [CVE-2009-2015]
  • Joomla! 1.5.10 Index.PHP EXCLUDEMODULES Parameter Cross Site Scripting Vulnerability – [CVE-2009-2015]
  • Joomla! 1.5.10 Index.PHP SLOGANTEXT Parameter Cross Site Scripting Vulnerability – [CVE-2009-2015]
  • Joomla! 1.5.10 Index.PHP LOGOTEXT Parameter Cross Site Scripting Vulnerability – [CVE-2009-2015]
  • Joomla! 1.5.10 Index.PHP THEME_ELEMENTS Parameter Cross Site Scripting Vulnerability – [CVE-2009-2015]
  • Joomla! 1.5.10 Index.PHP THEME_BACKGROUND Parameter Cross Site Scripting Vulnerability – [CVE-2009-2015]
  • moziloCMS 1.11.1 index.PHP Cross Site Scripting Vulnerability – [CVE-2009-2015]
  • Joomla! and Mambo Mosres Component 1.0f Index.PHP SQL Injection Vulnerability – [CVE-2009-2015]
  • Joomla! and Mambo Mosres Component 1.0f Index.PHP PROPERTY_UID Parameter SQL Injection Vulnerability – [CVE-2009-2015]
  • Joomla! and Mambo Mosres Component 1.0f Index.PHP REGID Parameter SQL Injection Vulnerability – [CVE-2009-2015]
  • Omilen Photo Gallery Joomla! Component 0.5b Index.PHP Local File Include Vulnerability – [CVE-2009-2015]
  • Dream Windows Max CMS 2.0 Admin_Manager.ASP SQL Injection Vulnerability – [CVE-2009-1818]
  • Seminar for Joomla! 1.28 Index.PHP SQL Injection Vulnerability – [CVE-2009-1818]
  • Unclassified NewsBoard 1.6.4 Forum.PHP Local File Include Vulnerability – [CVE-2009-1818]
  • Unclassified NewsBoard 1.6.4 Forum.PHP SQL Injection Vulnerability – [CVE-2009-1818]
  • PHP-Nuke Downloads Module 8.0 Modules.PHP Cross Site Scripting Vulnerability – [CVE-2009-1818]
  • Joomla! JUser Component 2.0.4 Index.PHP SQL Injection Vulnerability – [CVE-2009-1818]
  • eliteCMS 1.01 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-1818]
  • OCS Inventory NG Server 1.02 Group_Show.PHP SQL Injection Vulnerability – [CVE-2009-1818]
  • OCS Inventory NG Server 1.02 Download.PHP SQL Injection Vulnerability – [CVE-2009-1818]
  • ZeusCart 2.3 Index.PHP SQL Injection Vulnerability – [CVE-2009-1818]
  • Joomla! JVideo! Component 0.3.11c Index.PHP SQL Injection Vulnerability – [CVE-2009-1818]
  • Achievo 1.3.4 Dispatch.PHP Cross Site Scripting Vulnerability – [CVE-2009-1818]
  • Achievo 1.3.4 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-1818]
  • Lussumo Vanilla 1.1.7 Updatecheck.PHP Cross Site Scripting Vulnerability – [CVE-2009-1845]
  • phpBugTracker 1.0.4 Include.PHP SQL Injection Vulnerability – [CVE-2009-1851]
  • SiteX 0.7.4.418 Homepage.PHP Local File Include Vulnerability – [CVE-2009-1846]
  • AgoraGroups Joomla! Component 0.3.5.3 Index.PHP SQL Injection Vulnerability – [CVE-2009-1848]
  • Easy PX 41 CMS 9.0 Index.PHP Local File Include Vulnerability – [CVE-2009-1848]
  • PHP-Nuke 8.0 UserLog.PHP SQL Injection Vulnerability – [CVE-2009-1848]
  • Dokuwiki 2009-02-14 Doku.PHP Local File Include Vulnerability – [CVE-2009-1848]
  • RoomPHPlanning 1.6 Userform.PHP SQL Injection Vulnerability – [CVE-2009-1848]
  • phpBugTracker 1.0.3 Index.PHP SQL Injection Vulnerability – [CVE-2009-1850]
  • cpCommerce 1.2.9 Functions.PHP Remote File Include Vulnerability – [CVE-2009-1850]
  • vbPlaza Vbplaza.PHP SQL Injection Vulnerability – [CVE-2009-1850]
  • WP-Lytebox Main.PHP Local File Include Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Newsletter_Threads.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Users.PHP LETTER Parameter Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Users.PHP STATUS Parameter Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Users.PHP ACTION Parameter Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Profile.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Setup.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Aff.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Email_Templates.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Aff_Banners.PHP BANNER_ID Parameter Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Aff_Banners.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Coupons.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Protect.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Products.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • aMember 3.1.7 Newsletter_Guests.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • Joomla! Boy Scout Advancement 0.3 Index.PHP ID Parameter SQL Injection Vulnerability – [CVE-2009-1850]
  • Joomla! Boy Scout Advancement 0.3 Index.PHP SQL Injection Vulnerability – [CVE-2009-1850]
  • Basic Analysis And Security Engine 1.4.2 Base_Stat_Uaddr.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • Basic Analysis And Security Engine 1.4.2 Base_Qry_Main.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • Basic Analysis And Security Engine 1.4.2 Base_Stat_Alerts.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • Saman Portal Index.PHP SQL Injection Vulnerability – [CVE-2009-1850]
  • ZaoCMS Edit_User.PHP SQL Injection Vulnerability – [CVE-2009-1850]
  • DotNetNuke 4.9.3 ErrorPage.ASPX Cross-Site Scripting Vulnerability – [CVE-2009-1850]
  • LxBlog User_Index.PHP SQL Injection Vulnerability – [CVE-2009-1850]
  • LxBlog User_Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • Flash Quiz 2.0 Num_Questions.PHP SQL Injection Vulnerability – [CVE-2009-1850]
  • Flash Quiz 2.0 Questions.PHP ORDER_NUMBER Parameter SQL Injection Vulnerability – [CVE-2009-1850]
  • Flash Quiz 2.0 Questions.PHP QUIZ Parameter SQL Injection Vulnerability – [CVE-2009-1850]
  • Flash Quiz 2.0 Results_Table_Web.PHP SQL Injection Vulnerability – [CVE-2009-1850]
  • Flash Quiz 2.0 High_Score_Web.PHP QUIZ Parameter SQL Injection Vulnerability – [CVE-2009-1850]
  • Flash Quiz 2.0 High_Score.PHP SQL Injection Vulnerability – [CVE-2009-1850]
  • Flash Quiz 2.0 Answers.PHP ORDER_NUMBER Parameter SQL Injection Vulnerability – [CVE-2009-1850]
  • Flash Quiz 2.0 Answers.PHP QUIZ Parameter SQL Injection Vulnerability – [CVE-2009-1850]
  • Your Articles Directory Page.PHP SQL Injection Vulnerability – [CVE-2009-1850]
  • ASP Inline Corporate Calendar Search.ASP Cross Site Scripting Vulnerability – [CVE-2009-1850]
  • ASP Inline Corporate Calendar Active_Appointments.ASP SQL Injection Vulnerability – [CVE-2009-1850]
  • 26th Avenue bSpeak 1.10 Index.PHP SQL Injection Vulnerability – [CVE-2009-1747]
  • Realty Web-Base 1.0 List_List.PHP Parameter SQL Injection Vulnerability – [CVE-2009-1751]
  • Scripts for Sites EZ Pub Site Directory.PHP SQL Injection Vulnerability – [CVE-2008-6794]
  • Catviz 0.4 Index.PHP WEBPAGES_FORM Cross Site Scripting Vulnerability – [CVE-2009-1749]
  • Catviz 0.4 Index.PHP USERMAN_FORM Cross Site Scripting Vulnerability – [CVE-2009-1749]
  • Catviz 0.4 Index.PHP WEBPAGES_FORM Local File Include Vulnerability – [CVE-2009-1748]
  • Catviz 0.4 Index.PHP USERMAN_FORM Local File Include Vulnerability – [CVE-2009-1748]
  • Joomla! Casino Component 0.3.1 Index.PHP SQL Injection Vulnerability – [CVE-2009-1748]
  • VidsharePro Listing_Video.PHP SQL Injection Vulnerability – [CVE-2009-1734]
  • VidsharePro Search.PHP Cross Site Scripting Vulnerability – [CVE-2009-1735]
  • Dog Pedigree Online Database 1.2 ManagePerson.PHP SQL Injection Vulnerability – [CVE-2009-1735]
  • Dog Pedigree Online Database 1.2 Details.PHP SQL Injection Vulnerability – [CVE-2009-1735]
  • Coppermine Photo Gallery 1.4.22 Displayecard.PHP SQL Injection Vulnerability – [CVE-2009-1735]
  • Coppermine Photo Gallery 1.4.22 Thumbnails.PHP SQL Injection Vulnerability – [CVE-2009-1735]
  • Joomla! com_gsticketsystem Index.PHP SQL Injection Vulnerability – [CVE-2009-1735]
