Joomla and WordPress attacks and multiple updates
N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the N-Stalker 2009 and 2006 versions. You should be able to download it automatically the next time you run N-Stalker Scanner.
If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.
Important Note: N-Stalker 2006 Version has been discontinued since March 31st, 2009. You must upgrade to N-Stalker 2009 to obtain our technical support.
This release includes patterns for the following vulnerabilities:
- Yoast Google Analytics for WordPress Plugin 3.2.4 404 Error Page Cross Site Scripting Vulnerability
- Invision Power Board 3.0.4 Index.PHP SQL Injection Vulnerability
- Invision Power Board 3.0.4 Index.PHP Local File Include Vulnerability
- Invision Power Board 3.0.4 Index.PHP SQL Injection Vulnerability
- Thatware 0.5.3 Thatfile.PHP Remote File Include Vulnerability
- Thatware 0.5.3 Artlist.PHP Remote File Include Vulnerability
- Thatware 0.5.3 Config.PHP Remote File Include Vulnerability
- Ciamos 0.9.5 Index.PHP Remote File Include Vulnerability – [CVE-2009-4156]
- Joomla! mojoBlog Component RC0.15 Wp-Comments-Post.PHP Remote File Include Vulnerability – [CVE-2009-4156]
- Joomla! mojoBlog Component RC0.15 Wp-Trackback.PHP Remote File Include Vulnerability – [CVE-2009-4156]
- Joomla! Joaktree Component 1.0 ‘treeId’ Parameter SQL Injection Vulnerability – [CVE-2009-4156]
- Elxis Feedcreator.Class.PHP Directory Traversal Vulnerability – [CVE-2009-4154]
- SmartMedia Module for XOOPS 0.85 Folder.PHP Cross Site Scripting Vulnerability – [CVE-2009-4359]
- Joomla! Quick News Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4359]
- Content Module for XOOPS 0.5 Index.PHP SQL Injection Vulnerability – [CVE-2009-4360]
- Power Phlogger 2.2.5 DspStats.PHP Cross-site Scripting Vulnerability – [CVE-2009-4253]
- Joomla! 1.5.11 404 Error Page Cross Site Scripting Vulnerability – [CVE-2009-4253]
- MusicGallery Joomla! Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4217]
- Joomla! ProofReader Component 1.0 Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4157]
- LyftenBloggie Joomla! Component 1.0.4 Index.PHP SQL Injection Vulnerability – [CVE-2009-4104]
- phpBazar 2.1.1 Classified.PHP SQL Injection Vulnerability – [CVE-2009-4221]
- Joomla! Google Calendar Component 1.1.2 Index.PHP SQL Injection Vulnerability – [CVE-2009-4099]
- Quick.Cart 2.4 and Quick.CMS 3.4 Delete Function Cross Site Request Forgery Vulnerability – [CVE-2009-4120]
- klinza professional cms 5.0.1 Menulast.PHP Local File Include Vulnerability – [CVE-2009-4216]
- WordPress WP-Cumulus Plugin 1.22 Tagcloud.SWF Cross-Site Scripting Vulnerability – [CVE-2009-4168]
- PHP Live! 3.1 Help.PHP Remote File Include Vulnerability – [CVE-2009-4168]
- WordPress Trashbin Plugin 0.1 Edit.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4168]
- WordPress WP-PHPList Plugin 2.10.2 Wp-Phplist.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4168]
- Outreach Project Tool 1.2.7 Index.PHP Remote File Include Vulnerability – [CVE-2009-4082]
- CubeCart 4.3.6 ViewProd.Inc.PHP SQL Injection Vulnerability – [CVE-2009-4060]
- Joomla! iF Portfolio Nexus Component Index.PHP ID Parameter SQL Injection Vulnerability – [CVE-2009-4057]
- Joomla! iF Portfolio Nexus Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4057]
- ActiveWebSoftwares Active Bids Default.ASP SQL Injection Vulnerability – [CVE-2009-4057]
- Joomla! JoomClip Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4059]
- Multiple JiRo’s Products Login.ASP SQL Injection Vulnerability – [CVE-2009-4218]
- Joomla! eZine Component 2.1 D4m_Ajax_Pagenav.PHP Remote File Include Vulnerability – [CVE-2009-4094]
- eNdonesia 8.4 Mod.PHP Local File Include Vulnerability – [CVE-2009-4094]
- TFTgallery 0.13 Index.PHP Directory Traversal Vulnerability – [CVE-2009-3912]
- TFTgallery 0.13 Settings.PHP Cross Site Scripting Vulnerability – [CVE-2009-3911]
- Joomla! Com_Photoblog Component 3a Index.PHP SQL Injection Vulnerability – [CVE-2009-3834]
- TFTgallery 0.13 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-3833]
- TBmnetCMS 1.0 Tbmnet.PHP Cross Site Scripting Vulnerability – [CVE-2009-3747]
- Achievo 1.3.4 Debugger.PHP Remote File Include Vulnerability – [CVE-2009-3705]
- RunCMS Post.PHP SQL Injection Vulnerability – [CVE-2009-3705]
- Joomla! Com_Jshop Component Index.PHP SQL Injection Vulnerability – [CVE-2009-3835]
- OpenDocMan 1.2.5 View_File.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- OpenDocMan 1.2.5 User.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- OpenDocMan 1.2.5 Search.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- OpenDocMan 1.2.5 Rejects.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- OpenDocMan 1.2.5 Add.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- OpenDocMan 1.2.5 Profile.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- OpenDocMan 1.2.5 Department.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- OpenDocMan 1.2.5 Category.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- OpenDocMan 1.2.5 Admin.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- OpenDocMan 1.2.5 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- OpenDocMan 1.2.5 ToBePublished.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
- Joomla! com_booklibrary Component 1.0 Releasenote.PHP Remote File Include Vulnerability – [CVE-2009-3817]