Citrix XenCenterWeb and multiple vulnerabilities updated

By N-Stalker Team on July 23, 2009

N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the N-Stalker 2009 and 2006 versions. You should be able to download it automatically the next time you run N-Stalker Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note: The N-Stalker 2006 version has been discontinued since March 31st, 2009. You must upgrade to N-Stalker 2009 to obtain our technical support.

This release includes patterns for the following vulnerabilities:

  • YourFreeWorld Programs Rating Script Rate.PHP Cross Site Scripting Vulnerability
  • YourFreeWorld Programs Rating Script Postcomments.PHP Cross Site Scripting Vulnerability
  • E-Xoopport MyAnnonces Index.PHP SQL Injection Vulnerability
  • dB Masters Multimedia Content Manager 4.5 Index.PHP SQL Injection Vulnerability
  • Joomla! Jobline Component 1.1.3.1 Index.PHP SQL Injection Vulnerability
  • Multiple RadScripts Products Index.PHP SQL Injection Vulnerability
  • Multiple RadScripts Products Storefront.PHP Cross Site Scripting Vulnerability
  • Multiple RadScripts Products Index.PHP FID Parameter SQL Injection Vulnerability
  • db Masters Multimedia Content Manager 4.5 Index.PHP SQL Injection Vulnerability
  • PHPLive! 3.2.2 Request.PHP SQL Injection Vulnerability
  • Opial 10 Home.PHP SQL Injection Vulnerability
  • Opial 10 Home.PHP Cross-Site Scripting Vulnerability
  • WordPress My Category Order Plugin 2.8 Post-New.PHP SQL Injection Vulnerability
  • Joomla! Com_Category Component Index.PHP SQL Injection Vulnerability
  • Joomla! Com_Propertylab Component Index.PHP SQL Injection Vulnerability
  • ClanSphere 2009.0 Index.PHP Cross Site Scripting Vulnerability
  • Siteframe 3.2.3 Document.PHP SQL Injection Vulnerability
  • ADbNewsSender 1.5.5 Index.PHP Local File Include Vulnerability
  • Citrix XenCenterWeb Edituser.PHP Cross-Site Scripting Vulnerability
  • Citrix XenCenterWeb Login.PHP SQL Injection Vulnerability
  • Citrix XenCenterWeb Forcesd.PHP VMNAME Parameter Cross-Site Scripting Vulnerability
  • Citrix XenCenterWeb Forcesd.PHP VMREFID Parameter Cross-Site Scripting Vulnerability
  • Citrix XenCenterWeb Forcerestart.PHP VMREFID Parameter Cross-Site Scripting Vulnerability
  • Citrix XenCenterWeb Forcerestart.PHP VMNAME Parameter Cross-Site Scripting Vulnerability
  • Citrix XenCenterWeb Console.PHP VMNAME Parameter Cross-Site Scripting Vulnerability
  • Citrix XenCenterWeb Console.PHP LOCATION Parameter Cross-Site Scripting Vulnerability
  • Citrix XenCenterWeb Console.PHP SESSIONID Parameter Cross-Site Scripting Vulnerability
  • CMME 1.21 Admin.PHP Cross Site Scripting Vulnerability – [CVE-2009-2342]
  • Horde 3.1 Main.PHP Cross Site Scripting Vulnerability – [CVE-2009-2360]
  • Opial 1.0 Albumdetail.PHP SQL Injection Vulnerability – [CVE-2009-2341]
  • ConPresso 3.4.8 CMS Detail.PHP SQL Injection Vulnerability – [CVE-2009-2341]
  • Opial 1.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-2340]
  • fuzzylime (cms) Newsheads.PHP Local File Include Vulnerability – [CVE-2008-6834]
  • fuzzylime (cms) Commupdate.PHP Local File Include Vulnerability – [CVE-2008-6834]
  • TSEP 0.942.2 Index.PHP Local File Include Vulnerability – [CVE-2008-6834]
  • TSEP 0.942.2 Tsepsearch.PHP Q Parameter Cross Site Scripting Vulnerability – [CVE-2008-6834]
  • TSEP 0.942.2 Tsepsearch.PHP USER_E Parameter Cross Site Scripting Vulnerability – [CVE-2008-6834]
  • TSEP 0.942.2 Indexer_Search_Table.PHP Cross Site Scripting Vulnerability – [CVE-2008-6834]
  • BIGACE Web CMS 2.6 Index.PHP Local File Include Vulnerability – [CVE-2008-6834]
  • Simple Machines Forum Member Awards 1.0.2 Index.PHP SQL Injection Vulnerability – [CVE-2008-6834]
  • LightOpenCMS 0.1 Smarty.PHP Local File Include Vulnerability – [CVE-2009-2223]
  • phpMyAdmin 3.3.0-dev Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-2284]
  • cPanel Lastvisit.HTML Arbitrary File Disclosure Vulnerability – [CVE-2009-2275]
  • Joomla! K2 Component 1.0.1 Index.PHP SQL Injection Vulnerability – [CVE-2009-2275]
  • Joomla! Joomla-PHP Component Index.PHP SQL Injection Vulnerability – [CVE-2009-2400]
  • DM Albums 1.9.2 Album.PHP Remote File Include Vulnerability – [CVE-2009-2400]
  • DM Albums 1.9.2 Album.PHP Remote File Include Vulnerability – [CVE-2009-2400]
  • Joomla! BookFlip Component 2.1 Index.PHP SQL Injection Vulnerability – [CVE-2009-2400]
  • PinME! Joomla! Component 2.1 Index.PHP SQL Injection Vulnerability – [CVE-2009-2400]
  • MDPro Survey Module Modules.PHP SQL Injection Vulnerability – [CVE-2009-2400]
  • Moodle 1.9.3 Block_Html.PHP Cross Site Scripting Vulnerability – [CVE-2009-0502]
  • PHP-Address Book 4.0.1 View.PHP SQL Injection Vulnerability – [CVE-2009-2259]
  • PHP-Address Book 4.0.1 Delete.PHP SQL Injection Vulnerability – [CVE-2009-2259]
  • PHP-Address Book 4.0.1 Index.PHP SQL Injection Vulnerability – [CVE-2009-2259]
  • PHP-Address Book 4.0.1 Edit.PHP SQL Injection Vulnerability – [CVE-2009-2259]
  • Aardvark Topsites PHP 5.2 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • PHPEcho CMS 2.0-rc3 Index.PHP SQL Injection Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Nlarlist_Content.Inc.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Tb_Foot.Inc.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Forum.Inc.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Forum.Inc.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Forum.Inc.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Forum.Inc.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Forum.Inc.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Header.Inc.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Contact.Inc.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Contact.Inc.PHP Cross Site Scripting Vulnerability – [CVE-2009-2259]
  • Tribiq CMS 5.0.12c Header.Inc.PHP Local File Include Vulnerability – [CVE-2009-2220]
  • Tribiq CMS 5.0.12c Contact.Inc.PHP Local File Include Vulnerability – [CVE-2009-2220]
  • Tribiq CMS 5.0.12c Masthead.Inc.PHP Local File Include Vulnerability – [CVE-2009-2220]
  • Tribiq CMS 5.0.12c Toppanel.Inc.PHP Local File Include Vulnerability – [CVE-2009-2220]
  • Tribiq CMS 5.0.12c Nlarlist_Content.Inc.PHP Local File Include Vulnerability – [CVE-2009-2220]
  • Glossword 1.8.11 Index.PHP Local File Include Vulnerability – [CVE-2009-2220]
  • Shop-Script Pro 2.12 Index.PHP SQL Injection Vulnerability – [CVE-2009-2023]
  • Joomla! and Mambo Tickets Component 2.1 Index.PHP SQL Injection Vulnerability – [CVE-2009-2023]
  • Campsite 2.6.2 Ad_Popup.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 List_Dir.PHP Cross-Site Scripting Vulnerability – [CVE-2009-2181]
  • Campsite 2.6.2 Ad.PHP Local File Include Vulnerability – [CVE-2009-2183]
  • Campsite 2.6.2 Autopublish_Del.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Autopublish.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Add_Move.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Add.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Index.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 CommandProcessor.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Phorum_Load.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Liveuser_Configuration.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Set-Author.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Menu.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Logout.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Init_Content.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • Campsite 2.6.2 Camp_Html.PHP Remote File Include Vulnerability – [CVE-2009-2182]
  • phpDatingClub 3.7 Search.PHP SQL Injection Vulnerability – [CVE-2009-2179]
  • phpDatingClub 3.7 Website.PHP Cross-Site Scripting Vulnerability – [CVE-2009-2178]
  • Softbiz Ads Image.PHP SQL Injection Vulnerability – [CVE-2009-2232]
  • FireStats 1.6.1 Firestats-Wordpress.PHP Remote File Include Vulnerability – [CVE-2009-2143]
  • TBDEV.NET 01-01-08 Polls.PHP Cross Site Scripting Vulnerability – [CVE-2009-2141]
  • TBDEV.NET 01-01-08 Makepoll.PHP Cross Site Scripting Vulnerability – [CVE-2009-2141]
  • DirectAdmin 1.33.6 CMD_REDIRECT Cross-Site Scripting Vulnerability – [CVE-2009-2141]
  • geccBBlite 0.1 Scrivi.PHP HTML Injection Vulnerability – [CVE-2009-2141]
  • fuzzylime (cms) 3.03a Confirm.PHP Local File Include Vulnerability – [CVE-2009-2141]
  • fuzzylime (cms) 3.03a Display.PHP Local File Include Vulnerability – [CVE-2009-2141]
  • phpWebThings 1.5.2 Help.PHP Local File Include Vulnerability – [CVE-2009-2081]
  • phPortal 1.0 Topicler.PHP SQL Injection Vulnerability – [CVE-2009-2098]
  • Joomla! Com_Jumi Component Index.PHP SQL Injection Vulnerability – [CVE-2009-2102]
  • WordPress Photoracer Plugin 1.0 Viewimg.PHP SQL Injection Vulnerability – [CVE-2009-2122]
  • iJoomla RSS Feeder Component Index.PHP SQL Injection Vulnerability – [CVE-2009-2099]
  • JoomlaPraise Projectfork 2.0.10 Joomla! Component Index.PHP Local File Include Vulnerability – [CVE-2009-2100]
  • Webmedia Explorer 5.10 Index.PHP SEARCH Parameter Cross Site Scripting Vulnerability – [CVE-2009-2107]
  • Webmedia Explorer 5.10 Index.PHP EMAIL Parameter Cross Site Scripting Vulnerability – [CVE-2009-2107]
  • Webmedia Explorer 5.10 Index.PHP BOOKMARK Parameter Cross Site Scripting Vulnerability – [CVE-2009-2107]
  • Webmedia Explorer 5.10 Index.PHP THISISNOTAREALCALL Parameter Cross Site Scripting Vulnerability – [CVE-2009-2107]
