N-Stalker Web Security Community
http://community.nstalker.com
Serving the Web Application security community since 2000
Feed last updated: Thu, 12 Aug 2010 22:47:25 +0000

Joomla! Components vulnerabilities and updates for Aug 2010
Posted by N-Stalker Team on Thu, 12 Aug 2010 22:46:55 +0000
http://community.nstalker.com/joomla-components-vulnerabilities-for-aug-2010

N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the 2009 and 2006 versions. You should be able to download it automatically the next time you execute the Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note: 2006 Version has been discontinued since March 31st, 2009. You must upgrade to 2009 to obtain our technical support.

This release includes patterns for the following vulnerabilities:

  • Joomla! DM Orders Component Index.PHP SQL Injection Vulnerability
  • Joomla! jEmbed Component Index.PHP SQL Injection Vulnerability – [CVE-2010-1073]
  • D-LINK DKVM-IP8 Auth.ASP Cross Site Scripting Vulnerability – [CVE-2010-0936]
  • Com_Kk Joomla! Component Index.PHP SQL Injection Vulnerability – [CVE-2010-0936]
  • Docebo 3.6.0.2 Index.PHP Local File Include Vulnerability – [CVE-2010-0936]
  • Joomla! Com_Perchagallery Component Index.PHP SQL Injection Vulnerability – [CVE-2010-0694]
  • Joomla! Joaktree Component 1.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-4784]
  • Joomla! BF Survey Pro Index.PHP SQL Injection Vulnerability – [CVE-2010-2255]
  • BF Survey Pro Joomla! Component Index.PHP Local File Include Vulnerability – [CVE-2010-2255]
  • LXR Cross Referencer 0.9.6 Multiple Cross Site Scripting – [CVE-2009-4497]
  • Dating Agent PRO 4.9.1 Search.PHP HTML Injection Vulnerability – [CVE-2009-4497]
  • Dating Agent PRO 4.9.1 Picture.PHP HTML Injection Vulnerability – [CVE-2009-4497]
  • Dating Agent PRO 4.9.1 Login.PHP SQL Injection Vulnerability – [CVE-2009-4497]
  • Joomla! Module for Alfresco 1.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-4497]
  • Discuz! 1.0 Member.PHP Cross Site Scripting Vulnerability – [CVE-2009-4497]
  • DieselPay 1.6 Cross Site Scripting Vulnerability – [CVE-2009-4497]
  • DieselPay 1.6 Directory Traversal Vulnerability – [CVE-2009-4497]
  • Joomla! J-Projects Component Index.PHP SQL Injection Vulnerability – [CVE-2010-1363]
  • Com_Doqment Joomla! Component Index.PHP SQL Injection Vulnerability – [CVE-2010-1363]
  • MercuryBoard 1.1.5 Index.PHP Cross-Site Scripting Vulnerability – [CVE-2010-1363]
  • Shape5 Bridge of Hope Template for Joomla! Index.PHP SQL Injection Vulnerability – [CVE-2010-2254]
  • WMNews 0.5 Wmnews.PHP Cross-Site Scripting Vulnerability – [CVE-2010-2254]
  • XOOPS 2.4.2 Notification_Update.PHP SQL Injection Vulnerability – [CVE-2010-2254]
  • Dailymeals Joomla! Component Index.PHP Local File Include Vulnerability – [CVE-2010-2254]
  • Joomla! Com_Otzivi Component Index.PHP SQL Injection Vulnerability – [CVE-2010-2254]
  • pL-PHP Index.PHP Cross-Site Scripting Vulnerability – [CVE-2010-2254]
  • Joomla! Com_Tpjobs Component Index.PHP SQL Injection Vulnerability – [CVE-2010-2254]
  • REZERVI Belegungsplan und Gästedatenbank 3.0.2 Mail.Inc.PHP Remote File Include Vulnerability – [CVE-2010-2254]
  • Bible Study Joomla! Component 6.1 Index.PHP Local File Include Vulnerability – [CVE-2010-0157]
  • CARTwebERP Joomla! Component Index.PHP Local File Include Vulnerability – [CVE-2010-0157]
  • Joomla! Com_Aprice Component Index.PHP SQL Injection Vulnerability – [CVE-2010-0157]
  • SLAED CMS 2.0 Index.PHP Cross Site Scripting Vulnerability – [CVE-2010-0157]
  • Discuz! 2.0 Post.PHP Cross Site Scripting Vulnerability – [CVE-2010-0157]
  • Discuz! 2.0 Misc.PHP Cross Site Scripting Vulnerability – [CVE-2010-0157]
  • Com_Bfsurvey Joomla! Component Index.PHP Local File Include Vulnerability – [CVE-2010-0157]
  • Joomla! Com_Countries Component Index.PHP SQL Injection Vulnerability – [CVE-2010-0157]
  • Com_Abbrev Joomla! Component Index.PHP Local File Include Vulnerability – [CVE-2010-0985]
  • VisionGate 1.6 Login.PHP Cross-Site Scripting Vulnerability – [CVE-2010-0985]
  • VirtuaSystems VirtuaNews Pro 1.0.4 Admin.PHP Cross-Site Scripting Vulnerability – [CVE-2010-0985]
  • PHPCart 3.1.2 Search.PHP Cross-Site Scripting Vulnerability – [CVE-2010-0985]
  • Reamday Enterprises Magic News Plus 1.0.2 Index.PHP Cross-Site Scripting Vulnerability – [CVE-2010-0985]
  • ArticleLive 1.7.1.2 Blogs.PHP SQL Injection Vulnerability – [CVE-2010-0985]
OWASP Top10 2010 Released!
Posted by N-Stalker Team on Thu, 08 Jul 2010 12:13:48 +0000
http://community.nstalker.com/owasp-top10-2010-released

A couple of weeks ago, OWASP (the Open Web Application Security Project) published the new version of its most widely known project: OWASP TOP 10. This is the third edition of the project, which covers the 10 greatest vulnerabilities found in web applications.

Compared with the previous 2007 edition, the list of vulnerabilities has not changed that much, with code injection flaws (e.g. SQL Injection, command injection, etc.) and Cross-Site Scripting occupying the top of the list again. Please see the comparative table below:

OWASP Top 10 – 2007                                     | OWASP Top 10 – 2010 (New)
A2 – Injection Flaws                                    | A1 – Injection
A1 – Cross Site Scripting (XSS)                         | A2 – Cross-Site Scripting (XSS)
A7 – Broken Authentication and Session Management       | A3 – Broken Authentication and Session Management
A4 – Insecure Direct Object Reference                   | A4 – Insecure Direct Object Reference
A5 – Cross Site Request Forgery (CSRF)                  | A5 – Cross-Site Request Forgery (CSRF)
<was T10 2004 A10 – Insecure Configuration Management>  | A6 – Security Misconfiguration (New)
A8 – Insecure Cryptographic Storage                     | A7 – Insecure Cryptographic Storage
A10 – Failure to Restrict URL Access                    | A8 – Failure to Restrict URL Access
A9 – Insecure Communications                            | A9 – Insufficient Transport Layer Protection
<not present on Top 10 2007>                            | A10 – Unvalidated Redirects and Forwards (New)
A3 – Malicious File Execution                           | <Removed from Top 10 2010>
A6 – Information Leakage and Improper Error Handling    | <Removed from Top 10 2010>

OWASP is a non-profit organization created in 2003 with the mission of making application security visible, so that individuals and organizations can make well-informed decisions about real application security risks. Bearing in mind that vulnerabilities have become more evident in the application layer (and no longer in the network layer, as was the case 5 years ago), it is of the utmost importance that enterprises and corporations of all sizes using internally or externally developed systems get to know more about the potential risks present in web applications.

The full document in English is available HERE, and its Portuguese version, translated by the OWASP Brazil and OWASP Portugal communities, will be released soon.

N-Stalker’s solution is fully able to validate your environment against the vulnerabilities listed in the TOP 10 2010. Contact us!

QuickEStore vulnerabilities and multiple updates for N-Stalker
Posted by N-Stalker Team on Thu, 24 Jun 2010 20:02:00 +0000
http://community.nstalker.com/updates-quickestore-jun2010

N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the 2009 and 2006 versions. You should be able to download it automatically the next time you execute the Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note: 2006 Version has been discontinued since March 31st, 2009. You must upgrade to 2009 to obtain our technical support.

This release includes patterns for the following vulnerabilities:

  • Photokorn 1.542 Install.PHP Cross Site Scripting Vulnerability
  • Photokorn 1.542 Index.PHP Remote File Include Vulnerability
  • Stardevelop Live Help 2.6 Frames.PHP Cross Site Scripting Vulnerability
  • Stardevelop Live Help 2.6 Index_Offline.PHP Cross Site Scripting Vulnerability
  • Imagevue r16 Upload.PHP Cross-Site Scripting Vulnerability
  • Conkurent PHPMyCart 1.3 Sign_Aff.PHP Cross Site Scripting Vulnerability
  • pL-PHP 0.9 Index.PHP Local File Include Vulnerability
  • Discuz! 1.0 Misc.PHP SQL Injection Vulnerability
  • BosClassifieds 1.20 Recent.PHP Cross Site Scripting Vulnerability
  • PozScripts Classified Ads Store_Info.PHP SQL Injection Vulnerability
  • DieselScripts Job Site 1.4 Index.PHP Remote File Include Vulnerability
  • DieselScripts Job Site 1.4 Forgot.PHP ENAME Parameter Cross Site Scripting Vulnerability
  • DieselScripts Job Site 1.4 Forgot.PHP UNAME Parameter Cross Site Scripting Vulnerability
  • eStore 1.0.2 Store.PHP SQL Injection Vulnerability
  • QuickEStore 7.9 Shipping.CFM SQL Injection Vulnerability
  • QuickEStore 7.9 Checkout.CFM SQL Injection Vulnerability
  • QuickEStore 7.9 Proddetail.CFM SQL Injection Vulnerability
  • QuickEStore 7.9 Index.CFM SQL Injection Vulnerability
  • QuickEStore 7.9 Prodpage.CFM SQL Injection Vulnerability
OWASP Top 10 2010 published
Posted by Leo Cavallari on Tue, 27 Apr 2010 00:53:14 +0000
http://community.nstalker.com/publicado-o-owasp-top-10-2010

Last Monday, OWASP (the Open Web Application Security Project) published the new version of its best-known project: OWASP TOP 10. This is the third edition of the project, which covers the 10 greatest vulnerabilities in web applications.

Compared with the previous 2007 edition, the list of vulnerabilities has not changed much, with code injection flaws (e.g. SQL Injection, command injection, etc.) and Cross-Site Scripting heading the list again. See the comparison table:

OWASP Top 10 – 2007 (Previous)                          | OWASP Top 10 – 2010 (New)
A2 – Injection Flaws                                    | A1 – Injection
A1 – Cross Site Scripting (XSS)                         | A2 – Cross-Site Scripting (XSS)
A7 – Broken Authentication and Session Management       | A3 – Broken Authentication and Session Management
A4 – Insecure Direct Object Reference                   | A4 – Insecure Direct Object Reference
A5 – Cross Site Request Forgery (CSRF)                  | A5 – Cross-Site Request Forgery (CSRF)
<was T10 2004 A10 – Insecure Configuration Management>  | A6 – Security Misconfiguration (New)
A8 – Insecure Cryptographic Storage                     | A7 – Insecure Cryptographic Storage
A10 – Failure to Restrict URL Access                    | A8 – Failure to Restrict URL Access
A9 – Insecure Communications                            | A9 – Insufficient Transport Layer Protection
<not present in Top 10 2007>                            | A10 – Unvalidated Redirects and Forwards (New)
A3 – Malicious File Execution                           | <Removed from Top 10 2010>
A6 – Information Leakage and Improper Error Handling    | <Removed from Top 10 2010>

OWASP is a non-profit organization that emerged in 2003 with the mission of making application security visible, so that people and organizations can make well-informed decisions about the real security risks of applications. Because vulnerabilities are now more evident in the application layer, and no longer in the network layer as they were 5 years ago, it is extremely important that companies and corporations of all sizes that use internally or externally developed systems learn more about the potential risks present in web applications.

The full document in English can be obtained HERE, and the Portuguese version, translated by the OWASP Brazil and OWASP Portugal communities, will be released soon.

N-Stalker’s solution is ready to validate your environment against the vulnerabilities listed in the TOP 10 2010.

Simple PHP Blog and Joomla components vulnerabilities
Posted by N-Stalker Team on Wed, 31 Mar 2010 20:08:12 +0000
http://community.nstalker.com/simple-php-blog-and-joomla-components-vulnerabilities-31mar2010

N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the 2009 and 2006 versions. You should be able to download it automatically the next time you execute the Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note: 2006 Version has been discontinued since March 31st, 2009. You must upgrade to 2009 to obtain our technical support.

This release includes patterns for the following vulnerabilities:

  • AzDGDatingMedium 1.9.3 Login.PHP Cross Site Scripting Vulnerability
  • AzDGDatingMedium 1.9.3 Search.PHP Cross Site Scripting Vulnerability
  • AzDGDatingMedium 1.9.3 Index.PHP Cross Site Scripting Vulnerability
  • Webring Index.PHP Cross Site Scripting Vulnerability
  • Squito Gallery 1.0 IMAGEDIR Parameter Cross Site Scripting Vulnerability
  • Squito Gallery 1.0 PAGE Parameter Cross Site Scripting Vulnerability
  • Joomla! Com_Airmonoblock Component Index.PHP SQL Injection Vulnerability
  • Joomla! Com_Rd_Download Component Index.PHP Directory Traversal Vulnerability
  • Joomla! Com_Artistavenue Component Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4579]
  • Dictionary Module 0.91b for XOOPS Detail.PHP SQL Injection Vulnerability – [CVE-2009-4582]
  • ArticleLive PHP Index.PHP USERNAME Parameter Cross Site Scripting Vulnerability – [CVE-2009-4582]
  • ArticleLive PHP Index.PHP PASSWORD Parameter Cross Site Scripting Vulnerability – [CVE-2009-4582]
  • RoseOnlineCMS Admincp.PHP Local File Include Vulnerability – [CVE-2009-4581]
  • phpAuction Register.PHP TPL_NICK Parameter Cross Site Scripting Vulnerability – [CVE-2009-4581]
  • phpAuction Register.PHP TPL_NAME Parameter Cross Site Scripting Vulnerability – [CVE-2009-4581]
  • Com_Adagency Joomla! Component index.PHP Local File Include Vulnerability – [CVE-2009-4581]
  • DrBenHur.com DBHcms 1.1.4 Index.PHP Remote File Include Vulnerability – [CVE-2009-4581]
  • Cybershade CMS 0.2b Core.PHP Remote File Include Vulnerability – [CVE-2009-4581]
  • Cybershade CMS 0.2b Includes.PHP Remote File Include Vulnerability – [CVE-2009-4581]
  • Joomla! Q-Personel Component 1.0.2 Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4575]
  • Joomla! BeeHeard Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4575]
  • Calendar Express Year.PHP SQL Injection Vulnerability – [CVE-2009-4575]
  • FreePBX 2.5.2 Config.PHP Cross Site Scripting Vulnerability – [CVE-2009-4458]
  • Aditus Consulting JpGraph 3.0.6 Csim_In_Html_Ex1.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4422]
  • PHP-Calendar 1.1 Update10.PHP Local File Include Vulnerability – [CVE-2009-3702]
  • PHP-Calendar 1.1 Update10.PHP Local File Include Vulnerability – [CVE-2009-3702]
  • PHP-Calendar 1.1 Update08.PHP Local File Include Vulnerability – [CVE-2009-3702]
  • PHP-Calendar 1.1 Update08.PHP Local File Include Vulnerability – [CVE-2009-3702]
  • Simple PHP Blog 0.5.1 Languages_Cgi.PHP Local File Include Vulnerability – [CVE-2009-4421]
  • Joomla! Joomulus Component 2.0 Tagcloud.SWF Cross-Site Scripting Vulnerability – [CVE-2009-4573]
  • Joomla! Com_Webcamxp Component Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4573]
  • Joomla! Com_Jm-Recommend Component Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4573]
  • Joomla! Com_Facileforms Component Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4578]
  • Joomla! Com_Trabalhe_Conosco Component Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4578]
  • Joomla! Com_Dhforum Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4583]
  • ClarkConnect Linux 5.0 Proxy.PHP Cross Site Scripting Vulnerability – [CVE-2009-4583]
  • Joomla! Com_Kkcontent Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4583]
  • Joomla Com_Noticia Component Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4583]
  • PHPFootball 1.0 News.Mainnews.PHP Cross Site Scripting Vulnerability – [CVE-2009-4583]
  • Pragyan CMS 2.6.4 Search.PHP MODULEFOLDER Parameter Remote File Include Vulnerability – [CVE-2009-4583]
  • Pragyan CMS 2.6.4 Search.PHP SOURCEFOLDER Parameter Remote File Include Vulnerability – [CVE-2009-4583]
  • Kasseler CMS 1.3.4 Index.PHP UNAME Parameter Cross Site Scripting Vulnerability – [CVE-2009-4583]
  • Kasseler CMS 1.3.4 Index.PHP DO Parameter Cross Site Scripting Vulnerability – [CVE-2009-4583]
  • Kasseler CMS 1.3.4 Index.PHP ID Parameter Cross Site Scripting Vulnerability – [CVE-2009-4583]
  • Joomla! Com_Mediaslide Component Viewer.PHP Directory Traversal Vulnerability – [CVE-2009-4583]
  • Joomla HotBrackets Tournament Brackets Component Index.PHP SQL Injection Vulnerability – [CVE-2010-0945]
  • Joomla! JCal Pro Component 1.5.3.6 Cal_Popup.PHP Remote File Include Vulnerability – [CVE-2009-4431]
  • Joomla Event Manager Component 1.5 Index.PHP SQL Injection Vulnerability – [CVE-2009-4431]
Joomla Vulnerabilities and multiple updates
Posted by N-Stalker Team on Tue, 23 Feb 2010 16:00:41 +0000
http://community.nstalker.com/23feb2010-joomla-vulnerabilities

N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the 2009 and 2006 versions. You should be able to download it automatically the next time you execute the Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note: 2006 Version has been discontinued since March 31st, 2009. You must upgrade to 2009 to obtain our technical support.

This release includes patterns for the following vulnerabilities:

  • Joomla! DigiStore Component Index.PHP SQL Injection Vulnerability
  • Joomla! com_schools Component Index.PHP SQL Injection Vulnerability
  • FlatPress 0.909 Login.PHP Cross Site Scripting Vulnerability – [CVE-2009-4461]
  • FlatPress 0.909 Login.PHP Cross Site Scripting Vulnerability – [CVE-2009-4461]
  • FlatPress 0.909 Contact.PHP Cross Site Scripting Vulnerability – [CVE-2009-4461]
  • Sunbyte e-Flower Index.PHP SQL Injection Vulnerability – [CVE-2009-4461]
  • Joomla! com_calendario Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4461]
  • MAXdev MD-Forum 2.07 Index.PHP SQL Injection Vulnerability – [CVE-2009-4577]
  • Best Top List 2.11 Out.PHP Cross Site Scripting Vulnerability – [CVE-2009-4577]
  • Joomla! iF Portfolio Nexus Index.PHP Local File Include Vulnerability – [CVE-2009-4577]
  • IMG2ASCII 1.17 Ascii.PHP Cross Site Scripting Vulnerability – [CVE-2009-4577]
  • phpPowerCards 2.0 Pagenumber.Inc.PHP ARCHIV Parameter Cross Site Scripting Vulnerability – [CVE-2009-4469]
  • phpPowerCards 2.0 Pagenumber.Inc.PHP SUBCAT Parameter Cross Site Scripting Vulnerability – [CVE-2009-4469]
  • phpPowerCards 2.0 Pagenumber.Inc.PHP PATH_INFO Parameter Cross Site Scripting Vulnerability – [CVE-2009-4469]
  • freeForum 1.7 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-4469]
  • MyShoutPro 1.2 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-4469]
  • phpInstantGallery 1.1 Admin.PHP Cross Site Scripting Vulnerability – [CVE-2009-4446]
  • Barbo91 Upload.PHP Cross Site Scripting Vulnerability – [CVE-2009-4446]
  • APC Switched Rack PDU 3.7.0 Login1 Cross Site Scripting Vulnerability – [CVE-2009-4406]
  • Woltlab Burning Board Kleinanzeigenmarkt Plugin Index.PHP SQL Injection Vulnerability – [CVE-2009-4406]
  • MyBB 1.4.10 Myps.PHP Cross Site Scripting Vulnerability – [CVE-2009-4406]
  • Webformatique Car Manager Joomla! Component 2.1 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-4406]
  • Joomla! JEEMA Article Collection Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4406]
  • 4homepages 4images 1.7.1 Search.PHP SQL Injection Vulnerability – [CVE-2009-4406]
  • JBC Explorer 7.20 Arbre.PHP Cross Site Scripting Vulnerability – [CVE-2009-4406]
  • Pre Projects E-Smart Cart Login.ASP SQL Injection Vulnerability – [CVE-2009-4406]
  • Pyrmont V2 2.0.7 WordPress Theme Results.PHP SQL Injection Vulnerability – [CVE-2009-4424]
  • F3Site 2009 New.PHP Local File Include Vulnerability – [CVE-2009-4435]
  • F3Site 2009 Poll.PHP Local File Include Vulnerability – [CVE-2009-4435]
End of the Apache Server 1.3 series era / End of Life for Apache 1.3 series
Posted by Sp0oKeR on Wed, 03 Feb 2010 17:50:25 +0000
http://community.nstalker.com/fim-da-era-da-serie-1-3-do-apache-server-end-of-life-for-apache-1-3-series

Portuguese (pt_BR)

Certainly every Linux or security administrator has already worked with the Apache 1.3 series. The old guard will certainly miss it, but evolution is necessary. The last version of the Apache 1.3 series was announced today (02/02/2010). In release 1.3.42 they announced the end of the 1.3 era and that it will only receive a few critical fixes.

Part of the announcement (English)

“The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 1.3.42 of the Apache HTTP Server (“Apache”). This release is intended as the final release of version 1.3 of the Apache HTTP Server, which has reached end of life status.”

Full announcement:

http://mail-archives.apache.org/mod_mbox/httpd-announce/201002.mbox/%3C20100203000334.GA19021@infiltrator.stdlib.net%3E

With the future protection of our customers in mind, we suggest that you upgrade to the current versions as soon as possible, since security problems may arise. Below are the best versions for use:

Apache HTTP Server 2.2.14 is the best available version
Apache 2.0.63 Released

More information: http://httpd.apache.org/download.cgi

Team

English (en)

Probably every Linux administrator or security analyst has worked with the Apache 1.3 series. The old-school guys will miss it, but evolution is necessary. Today the latest release of the Apache 1.3 series was announced. In release 1.3.42 they announced that Apache 1.3 will only receive critical fixes.

Part of the announcement:

“The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 1.3.42 of the Apache HTTP Server (“Apache”). This release is intended as the final release of version 1.3 of the Apache HTTP Server, which has reached end of life status.”

Full announcement:

http://mail-archives.apache.org/mod_mbox/httpd-announce/201002.mbox/%3C20100203000334.GA19021@infiltrator.stdlib.net%3E

To protect and advise our customers, we strongly suggest that you update to the current versions listed below:

Apache HTTP Server 2.2.14 is the best available version
Apache 2.0.63 Released

More information: http://httpd.apache.org/download.cgi

Team

phpMyFAQ, UBB.threads vulnerabilities and multiple updates
Posted by N-Stalker Team on Tue, 19 Jan 2010 21:06:50 +0000
http://community.nstalker.com/phpmyfaq-ubb-threads-vulnerabilities-jan2010

N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the 2009 and 2006 versions. You should be able to download it automatically the next time you execute the Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note: 2006 Version has been discontinued since March 31st, 2009. You must upgrade to 2009 to obtain our technical support.

This release includes patterns for the following vulnerabilities:

  • eWebquiz 8.0 Questions.ASP SQL Injection Vulnerability – [CVE-2009-4436]
  • eWebquiz 8.0 Importquestions.ASP SQL Injection Vulnerability – [CVE-2009-4436]
  • eWebquiz 8.0 Quiztakers.ASP SQL Injection Vulnerability – [CVE-2009-4436]
  • Active Auction House 3.6 Wishlist.ASP SQL Injection Vulnerability – [CVE-2009-4437]
  • Active Auction House 3.6 Links.ASP SQL Injection Vulnerability – [CVE-2009-4437]
  • cPanel 11.24.7 Dofileop.HTML Cross Site Scripting Vulnerability – [CVE-2009-4437]
  • cPanel 11.24.7 Fileop.HTML Cross Site Scripting Vulnerability – [CVE-2009-4437]
  • QuiXplorer 2.3.1 Index.PHP Local File Include Vulnerability – [CVE-2009-4437]
  • Joomla! Com_Joomportfolio Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4428]
  • Joomla! Com_Personel Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4428]
  • Pluxml-Blog 4.2 Auth.PHP Cross Site Scripting Vulnerability – [CVE-2009-4428]
  • WP-Forum WordPress Plugin 2.3 Index.PHP SQL Injection Vulnerability – [CVE-2009-3703]
  • phpFaber CMS 1.3.36 Module.PHP Cross Site Scripting Vulnerability – [CVE-2009-4382]
  • Zeeways ZeeLyrics 3.0 Searchresults_Main.PHP Cross Site Scripting Vulnerability – [CVE-2009-4316]
  • VirtueMart 1.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-4430]
  • Million Pixel Script 3.0 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-4381]
  • iDevSpot iSupport 1.8 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-3731]
  • iDevSpot iSupport 1.8 Function.PHP Cross Site Scripting Vulnerability – [CVE-2009-3731]
  • Ez Cart Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-4317]
  • Digital Scribe 1.4.1 Stuworkdisplay.PHP SQL Injection Vulnerability – [CVE-2009-4317]
  • Zeeways ZeeJobsite 3.0 Basic_Search_Result.PHP Cross Site Scripting Vulnerability – [CVE-2009-4317]
  • Zen Cart 1.3.8 Curltest.PHP Information Disclosure Vulnerability – [CVE-2009-4321]
  • Joomla! JS Jobs Component 1.0.5.6 Index.PHP MD Parameter SQL Injection Vulnerability – [CVE-2009-4321]
  • Joomla! JS Jobs Component 1.0.5.6 Index.PHP OI Parameter SQL Injection Vulnerability – [CVE-2009-4321]
  • Joomla! com_jphoto Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4321]
  • TestLink 1.8.4 Eventviewer.PHP SQL Injection Vulnerability – [CVE-2009-4238]
  • TestLink 1.8.4 NavBar.PHP SQL Injection Vulnerability – [CVE-2009-4238]
  • TestLink 1.8.4 Login.PHP Cross Site Scripting Vulnerability – [CVE-2009-4237]
  • TestLink 1.8.4 ResultsMoreBuilds_BuildReport.PHP Cross Site Scripting Vulnerability – [CVE-2009-4237]
  • TestLink 1.8.4 Eventviewer.PHP LOGLEVEL Parameter Cross Site Scripting Vulnerability – [CVE-2009-4237]
  • TestLink 1.8.4 Eventviewer.PHP ENDDATE Parameter Cross Site Scripting Vulnerability – [CVE-2009-4237]
  • TestLink 1.8.4 Eventviewer.PHP STARTDATE Parameter Cross Site Scripting Vulnerability – [CVE-2009-4237]
  • TestLink 1.8.4 Attachmentupload.PHP Cross Site Scripting Vulnerability – [CVE-2009-4237]
  • TestLink 1.8.4 StaticPage.PHP Cross Site Scripting Vulnerability – [CVE-2009-4237]
  • Joomla! You!Hostit! Template 1.0.1 Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4255]
  • Joomla! Com_Job Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4255]
  • YOOtheme Warp5 Joomla! Component Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-4255]
  • Chipmunk Newsletter 2.0 Addlist.PHP SQL Injection Vulnerability – [CVE-2009-4255]
  • GCalendar Joomla! Component 2.1.4 Index.PHP SQL Injection Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP ORDER_ID Parameter Cross-Site Scripting Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP CATEGORY Parameter SQL Injection Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP TAX_RATE_ID Parameter SQL Injection Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP PAYMENT_METHOD_ID Parameter SQL Injection Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP USER_ID Parameter SQL Injection Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP VENDOR_CATEGORY_ID Parameter SQL Injection Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP USER_ID Parameter SQL Injection Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP MODULE_ID Parameter SQL Injection Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP VENDOR_ID Parameter SQL Injection Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP PRODUCT_ID Parameter SQL Injection Vulnerability – [CVE-2009-4099]
  • PhpShop 0.8.1 Index.PHP MODULE_ID Parameter SQL Injection Vulnerability – [CVE-2009-4099]
  • Sisplet CMS 2008-01-24 New.PHP Remote File Include Vulnerability – [CVE-2009-4099]
  • AROUNDMe 1.1 Connect.PHP Remote File Include Vulnerability – [CVE-2009-4264]
  • YABSoft Advanced Image Hosting Script 2.2 Search.PHP Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • UBB.threads 7.5.4.2 Smarty_Compiler.Class.PHP Remote File Include Vulnerability – [CVE-2009-4266]
  • UBB.threads 7.5.4.2 Html.Inc.PHP Remote File Include Vulnerability – [CVE-2009-4266]
  • UBB.threads 7.5.4.2 Ubbthreads.PHP Local File Include Vulnerability – [CVE-2009-4266]
  • Elkagroup Image Gallery 1.0 Index.PHP SQL Injection Vulnerability – [CVE-2009-4266]
  • 427BB 2.3.2 Showpost.PHP SQL Injection Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP LANG Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP QUESTION Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP CAT Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP CAT Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP ID Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP SRCLANG Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP ID Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP CAT Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP ARTLANG Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP NEWSLANG Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP TAGGING_ID Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP CAT Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP LANG Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP LETTER Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP LANG Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP ARTLANG Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
  • phpMyFAQ 2.5.4 Index.PHP HIGHLIGHT Parameter Cross Site Scripting Vulnerability – [CVE-2009-4266]
N-Stalker is 2009′s winning web application security software, says security-database!
Posted by N-Stalker Team on Wed, 13 Jan 2010 16:46:20 +0000
http://community.nstalker.com/n-stalker-is-2009s-winning-web-application-security-software-says-security-database

SECURITY-DATABASE, one of the world’s most accredited entities dedicated to identifying and assessing web security threats (as well as the best tools available on the market to combat them), has nominated N-Stalker as 2009′s winner in web application security software.

This is the result of 10 years fully dedicated to the creation, design and development of state-of-the-art, outstanding software solutions, now adopted by governmental, public and legal entities as well as professionals worldwide.

Another jewel in our crown and a challenge to keep up the good work!


N-Stalker chosen as the best of 2009!

The SECURITY-DATABASE site, one of the most respected entities dedicated to identifying and assessing web security threats (as well as pointing out the best tools available on the market to combat them), declared the N-Stalker software the 2009 winner in the category of web application security tools.

This is nothing more than the result of 10 years fully dedicated to the creation, design and development of state-of-the-art web security software solutions, today adopted by governments, public and private companies, and web professionals all over the world.

One more jewel in our crown and one more challenge to keep us at the top in 2010!

Joomla and WordPress attacks and multiple updates http://community.nstalker.com/joomla-wp-vulnerabilities-dec2009 http://community.nstalker.com/joomla-wp-vulnerabilities-dec2009#comments Thu, 24 Dec 2009 14:37:31 +0000 N-Stalker Team http://community.nstalker.com/?p=780 N-Stalker has made available its latest “N-Stealth Web Attack Database” update for all products, including the 2009 and 2006 versions. You should be able to download it automatically the next time you run the Scanner.

If you need to contact us for additional instructions, go to N-Stalker’s Customer Center.

Important Note: the 2006 version has been discontinued since March 31st, 2009. You must upgrade to the 2009 version to obtain our technical support.

This release includes patterns for the following:

  • Yoast Google Analytics for WordPress Plugin 3.2.4 404 Error Page Cross Site Scripting Vulnerability
  • Invision Power Board 3.0.4 Index.PHP SQL Injection Vulnerability
  • Invision Power Board 3.0.4 Index.PHP Local File Include Vulnerability
  • Thatware 0.5.3 Thatfile.PHP Remote File Include Vulnerability
  • Thatware 0.5.3 Artlist.PHP Remote File Include Vulnerability
  • Thatware 0.5.3 Config.PHP Remote File Include Vulnerability
  • Ciamos 0.9.5 Index.PHP Remote File Include Vulnerability – [CVE-2009-4156]
  • Joomla! mojoBlog Component RC0.15 Wp-Comments-Post.PHP Remote File Include Vulnerability – [CVE-2009-4156]
  • Joomla! mojoBlog Component RC0.15 Wp-Trackback.PHP Remote File Include Vulnerability – [CVE-2009-4156]
  • Joomla! Joaktree Component 1.0 ‘treeId’ Parameter SQL Injection Vulnerability – [CVE-2009-4156]
  • Elxis Feedcreator.Class.PHP Directory Traversal Vulnerability – [CVE-2009-4154]
  • SmartMedia Module for XOOPS 0.85 Folder.PHP Cross Site Scripting Vulnerability – [CVE-2009-4359]
  • Joomla! Quick News Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4359]
  • Content Module for XOOPS 0.5 Index.PHP SQL Injection Vulnerability – [CVE-2009-4360]
  • Power Phlogger 2.2.5 DspStats.PHP Cross-site Scripting Vulnerability – [CVE-2009-4253]
  • Joomla! 1.5.11 404 Error Page Cross Site Scripting Vulnerability – [CVE-2009-4253]
  • MusicGallery Joomla! Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4217]
  • Joomla! ProofReader Component 1.0 Index.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4157]
  • LyftenBloggie Joomla! Component 1.0.4 Index.PHP SQL Injection Vulnerability – [CVE-2009-4104]
  • phpBazar 2.1.1 Classified.PHP SQL Injection Vulnerability – [CVE-2009-4221]
  • Joomla! Google Calendar Component 1.1.2 Index.PHP SQL Injection Vulnerability – [CVE-2009-4099]
  • Quick.Cart 2.4 and Quick.CMS 3.4 Delete Function Cross Site Request Forgery Vulnerability – [CVE-2009-4120]
  • klinza professional cms 5.0.1 Menulast.PHP Local File Include Vulnerability – [CVE-2009-4216]
  • WordPress WP-Cumulus Plugin 1.22 Tagcloud.SWF Cross-Site Scripting Vulnerability – [CVE-2009-4168]
  • PHP Live! 3.1 Help.PHP Remote File Include Vulnerability – [CVE-2009-4168]
  • WordPress Trashbin Plugin 0.1 Edit.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4168]
  • WordPress WP-PHPList Plugin 2.10.2 Wp-Phplist.PHP Cross-Site Scripting Vulnerability – [CVE-2009-4168]
  • Outreach Project Tool 1.2.7 Index.PHP Remote File Include Vulnerability – [CVE-2009-4082]
  • CubeCart 4.3.6 ViewProd.Inc.PHP SQL Injection Vulnerability – [CVE-2009-4060]
  • Joomla! iF Portfolio Nexus Component Index.PHP ID Parameter SQL Injection Vulnerability – [CVE-2009-4057]
  • Joomla! iF Portfolio Nexus Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4057]
  • ActiveWebSoftwares Active Bids Default.ASP SQL Injection Vulnerability – [CVE-2009-4057]
  • Joomla! JoomClip Component Index.PHP SQL Injection Vulnerability – [CVE-2009-4059]
  • Multiple JiRo’s Products Login.ASP SQL Injection Vulnerability – [CVE-2009-4218]
  • Joomla! eZine Component 2.1 D4m_Ajax_Pagenav.PHP Remote File Include Vulnerability – [CVE-2009-4094]
  • eNdonesia 8.4 Mod.PHP Local File Include Vulnerability – [CVE-2009-4094]
  • TFTgallery 0.13 Index.PHP Directory Traversal Vulnerability – [CVE-2009-3912]
  • TFTgallery 0.13 Settings.PHP Cross Site Scripting Vulnerability – [CVE-2009-3911]
  • Joomla! Com_Photoblog Component 3a Index.PHP SQL Injection Vulnerability – [CVE-2009-3834]
  • TFTgallery 0.13 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-3833]
  • TBmnetCMS 1.0 Tbmnet.PHP Cross Site Scripting Vulnerability – [CVE-2009-3747]
  • Achievo 1.3.4 Debugger.PHP Remote File Include Vulnerability – [CVE-2009-3705]
  • RunCMS Post.PHP SQL Injection Vulnerability – [CVE-2009-3705]
  • Joomla! Com_Jshop Component Index.PHP SQL Injection Vulnerability – [CVE-2009-3835]
  • OpenDocMan 1.2.5 View_File.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • OpenDocMan 1.2.5 User.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • OpenDocMan 1.2.5 Search.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • OpenDocMan 1.2.5 Rejects.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • OpenDocMan 1.2.5 Add.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • OpenDocMan 1.2.5 Profile.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • OpenDocMan 1.2.5 Department.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • OpenDocMan 1.2.5 Category.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • OpenDocMan 1.2.5 Admin.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • OpenDocMan 1.2.5 Index.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • OpenDocMan 1.2.5 ToBePublished.PHP Cross Site Scripting Vulnerability – [CVE-2009-3789]
  • Joomla! com_booklibrary Component 1.0 Releasenote.PHP Remote File Include Vulnerability – [CVE-2009-3817]