TGS Content Management Vulnerabilities and multiple updates

By N-Stalker Team on October 9, 2009

N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including N-Stalker 2009 and 2006 version.You should be able to automatically download it next time you execute N-Stalker Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note:  N-Stalker 2006 Version has been discontinued since March 31st, 2009. You must upgrade to N-Stalker 2009 to obtain our technical support.

This release includes patterns for the following vulnerabilities:

  • nePHP Publisher 4.5 SQL Login SQL Injection Vulnerability – [CVE-2009-3315]
  • CF Shopkart 5.4 Index.CFM SQL Injection Vulnerability – [CVE-2009-3309]
  • com_album Joomla! Component 1.14 Local File Include Vulnerability – [CVE-2009-3309]
  • TuttoPHP Morris Guestbook View.PHP Cross Site Scripting Vulnerability – [CVE-2009-3309]
  • Mega File Hosting Script 1.2 Emaillinks.PHP Cross Site Scripting Vulnerability – [CVE-2009-3309]
  • Joomla! Foobla RSS Feed Creator Component \’id\’ Parameter SQL Injection Vulnerability – [CVE-2009-3309]
  • Joomla! Foobla Suggestions Component 1.5.11 Index.PHP SQL Injection Vulnerability – [CVE-2009-3309]
  • Joomla! djCatalog Component 1.5 Index.PHP CID Paramenter SQL Injection Vulnerability – [CVE-2009-3309]
  • Joomla! djCatalog Component 1.5 Index.PHP ID Parameter SQL Injection Vulnerability – [CVE-2009-3309]
  • NetArt Media iBoutique.MALL 1.2 Index.PHP SQL Injection Vulnerability – [CVE-2009-3309]
  • TGS Content Management Frontpage_Ception.PHP CMD Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP USERFILE1 Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP ACTION Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP MYSQL_L Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP SUBJ Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP USERFILE14 Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP FTP_SERVER_PORT Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP BRUTE_METHOD Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP SUBMIT Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP TEST15_FILE1 Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP TEST3_MP Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP S_MASK Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP MINUTES Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Frontpage_Ception.PHP S_DIR Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP TGS_LANGUAGE_ID Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP DB_HOST Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP DEFAULT_LANGUAGE Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP ADMIN_EMAIL Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP OWNER Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP DB_OPTIMIZATION Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP OPTION Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP TPL_DIR Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP REFERER Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP USER-AGENT Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Index.PHP SITE Parameter SQL Injection Vulnerability – [CVE-2009-2929]
  • TGS Content Management Login.PHP Cross-Site Scripting Vulnerability – [CVE-2009-2928]
  • Joomla! Hotel Booking System Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-3368]
  • Joomla! Hotel Booking System Detail8.PHP SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System Detail7.PHP SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System Detail6.PHP SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System Detail5.PHP SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System Detail4.PHP SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System Detail3.PHP SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System Detail2.PHP SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System Detail1.PHP SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System Detail.PHP SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System LongDesc.PHP RID Parameter SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System LongDesc.PHP H_ID Parameter SQL Injection Vulnerability – [CVE-2009-3357]
  • Joomla! Hotel Booking System LongDesc.PHP ID Parameter SQL Injection Vulnerability – [CVE-2009-3357]
  • PHP-Lance 1.52 Advanced_Search.PHP Local File Include Vulnerability – [CVE-2009-2923]
  • PHP-Lance 1.52 Show.PHP Local File Include Vulnerability – [CVE-2009-2923]
  • PHP-Lance 1.52 Show.PHP Local File Include Vulnerability – [CVE-2009-2923]
  • Joomla! AlphaUserPoints Component Checkusername.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • Joomla! com_mediaalert Component Index.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • Joomla! Com_Pressrelease Component Index.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • Joomla! Lucy Games Component 1.5.4 Index.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • Joomla! TPDugg Component 1.1 Index.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • Joomla! Com_Speech Component Index.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • Joomla! Joomloc Component 1.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • Mambo Hestar Component Index.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • Nicecoder iDesk 1.0 Download.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • Joomla! Joomlub Component Index.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • Mambo Zoom Component 2.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • DvBBS 2.0 Boardrule.PHP SQL Injection Vulnerability – [CVE-2009-3342]
  • DotNetNuke 5.1.1 ClientAPI Cross-Site Scripting Vulnerability – [CVE-2009-3342]
  • PHP Live! 3.3 Message_Box.PHP SQL Injection Vulnerability – [CVE-2009-3062]
  • Discuz! JangHu Inn Plugin 1.1 Forummission.PHP SQL Injection Vulnerability – [CVE-2009-3062]
  • 68 Classifieds 4.1.4 Viewmember.PHP Cross-Site Scripting Vulnerability – [CVE-2009-2780]
  • 68 Classifieds 4.1.4 Viewlisting.PHP Cross-Site Scripting Vulnerability – [CVE-2009-2780]
  • 68 Classifieds 4.1.4 Toplistings.PHP Cross-Site Scripting Vulnerability – [CVE-2009-2780]
  • 68 Classifieds 4.1.4 Searchresults.PHP Cross-Site Scripting Vulnerability – [CVE-2009-2780]
  • 68 Classifieds 4.1.4 Login.PHP Cross-Site Scripting Vulnerability – [CVE-2009-2780]
  • 68 Classifieds 4.1.4 Category.PHP Cross-Site Scripting Vulnerability – [CVE-2009-2780]
  • Joomla! Art Portal Component 1.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-3054]
  • Joomla! Game Server Component 1.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-3063]

This entry was posted in N-Stalker Latest Updates and tagged , . Bookmark the permalink.