aWeb Cart Watching System 2.6.0
aWeb Cart Watching System for Virtuemart versions 2.6.0 and previous SQL injection Resolution: update to 2.6.1 Update Notice: http://awebsupport.com/...
CW Tags, 2.0.8, SQL Injection
CW Tags by CW Joomla, versions 2.0.8 and previous, SQL Injection Note that the VEL do not agree with the developer's assessment of this as a "low level" security issue Resolution: update to version 2.1.1 Update notice: http://www.cwjoomla.com/download-cw-tags...
Realpin, 1.5.04, SQL Injection
Realpin by Marcel Törpe, versions 1.5.04 and previous, SQL Injection...
Smart Shoutbox, 2.9.5, SQL Injection
Smart Shoutbox by thekrotek.com, version 2.9.5 and previous, SQL Injection resolution: update to 3.0.0, version released July 2017 update notice: so far the developer has not made an update notice making clear that this was a security release The developer says "Version 3.0 is an absolutely new...
JGive, 2.0.9, SQL Injection
JGive by Techjoomla.com, versions 2.0.9 and previous, SQL Injection resolution: update to 2.0.11 update notice: https://techjoomla.com/blog/jgive/release-updates-for-jticketing-jboloand-invitex...
Jcomments, version 3.0.5, Input Validation Vulnerability
jcomments, versions 3.0.5 and all previous, inadequate input validation of objectgroup parameter leads to possible exploits including arbitrary local file inclusion. Resolution: update to version 3.0.6. There is evidence that this is being actively exploited, so users are recommended to update ASAP...
Jticketing, 2.0.16, SQL Injection
Jticketing by techjoomla.com, versions 2.0.16 and previous, SQL Injection resolution: update to 2.0.18 update notice: https://techjoomla.com/blog/jgive/release-updates-for-jticketing-jboloand-invitex...
Fastball, SQL Injection
Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection...
Google Map Landkarten, 4.2.3, SQL Injection
Google Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection...
Gallery WD, 1.3.9, SQL Injection
Gallery WD by Web Dorado, versions 1.3.9 and previous, SQL Injection resolution: update to 1.3.10 update notice: https://web-dorado.com/products/joomla-gallery.html...
Form Maker, 3.6.14, SQL Injection
Form Maker by Web Dorado, Versions 3.6.14 and previous, SQL Injection resolution: update to 3.6.15 note that previous security release did not completely fix the issue update notice: https://web-dorado.com/products/joomla-form.html...
Simple Calendar, 3.1.9, SQL Injection
Simple Calendar by Fabrizio Albonico, versions 3.1.9 and previous, SQL Injection...
SquadManagement, 1.0.3, SQL Injection
SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection...
JomEstate, 3.7, SQL Injection
JomEstate from comdev.eu, versions 3.7 and previous, SQL Injection resolution: resolved in version 3.8, current release is 4.1 update notice: none...
JQuickContact, 1.3.2.3, SQL Injection
JQuickContact by Wassim Jied, versions 1.3.2.3 and previous, SQL Injection resolution: update to 1.3.2.4 update notice: http://coderspirit.blogspot.com/2011/07/jquickcontact.html...
Checklist by Joomplace, 1.1.1.003, SQL Injection
Checklist by Joomplace, versions 1.1.1.003 and previous, SQL Injection resolution: update to 1.1.1.004 Update notice: https://www.joomplace.com/blog/security-update-for-checklist.html...
Advertisement Board 3.1.0
Advertisement Board by Ordasoft, versions 3.1.0 and previous, SQL Injection Resolution: update to 3.1.4 Update notice: https://ordasoft.com/News/News/advertisement-board-security-update.html...
Alexandria Book Library, 3.1.3, SQL Injection
Alexandria Book Library by Federica Ugolotti, versions 3.1.3 and previous, SQL Injection note that security release 3.1.3 does not fully fix the issue resolution: update to 3.1.4 update notice: alexandriabooklibrary.org/en/downloads/18-components.html...
CP Event Calendar, 3.0.2, SQL Injection
CP Event Calendar from joomlacalendars.com, versions 3.0.2 and previous, SQL Injection resolution: update to 3.0.3 update notice: http://www.joomlacalendars.com/updates/cp-event-calendar-3.0.3...
DT Register, 3.2.7, SQL Injection
DT Register by DTH Development, versions 3.2.7 and previous, SQL Injection resolution: update to 3.2.8 update notice: https://www.dthdevelopment.com/dth-news/dt-register-328-security-update...
PrayerCenter, 3.0.2, SQL Injection
PrayerCenter by Mike Leeper MLWebTechnologies, versions 3.0.2 and previous, SQL Injection resolution: update to 3.0.3 update notice: https://github.com/MLWebTechnologies/PrayerCenter...
NeoRecruit, 4.2.1, SQL Injection
NeoRecruit by NeoJoomla, versions 4.2.1 and previous, SQL Injection resolution: update to 4.2.2 update notice: http://www.neojoomla.com/index.php?option=comcontent=view=275=2...
JS Autoz, 1.0.9, SQL Injection
JS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection...
JB Bus, 2.3, SQL Injection
JB Bus by Joombooking, 2.3, SQL Injection...
Invitex, 3.0.5, SQL Injection
Invitex by techjoomla.com, versions 3.0.5 and previous, SQL Injection resolution: update to 3.0.6 update notice: https://techjoomla.com/blog/jgive/release-updates-for-jticketing-jboloand-invitex...
Media Library Free, 4.0.12, SQL Injection
Media Library Free by Ordasoft, versions 4.0.12 and previous, SQL Injection resolution: update to 4.0.21 update notice: https://ordasoft.com/News/News/media-library-security-update.html...
[20180301] - Core - SQLi vulnerability User Notes
The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the User Notes list view...
Nexevo Contact Form, Backdoor
Nexevo Contact Form, Backdoor Resolution: update to 1.0.2 Users should also check for the existence of a plugin called System - Section among their installed extensions. It is malware and needs to be removed and the site treated as hacked. Further information here:...
Visual Calendar, 3.1.5, SQL Injection
Visual Calendar by Joomcalendars.com, versions 3.1.5 and previous, SQL Injection resolution: update to 3.1.6 update notice: http://www.joomlacalendars.com/updates/visual-calendar3.1.6...
Ek rishta, 2.9, SQL Injection
Ek rishta by Harmis Technology, versions 2.9 and previous, SQL Injection Resolution: update to 2.10 update notice: https://joomlaextensions.co.in/extensions/other-extensions/product/Ek-Rishta...
File Download Tracker, 3.0, SQL Injection
File Download Tracker by techsolsystem.com, 3.0, SQL Injection...
Kunena, 3.x - 5.0.13, Other
Kunena, 3.x - 5.0.13, Other - Normal user can take ownership from any user resolution: update to 5.0.14 update notice: https://www.kunena.org/blog/191-kunena-5-0-14-released...
JMS Music, 1.1.1, SQL Injection
JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection...
Magiczoomplus for Virtuemart, 4.9.4, Insecure Folder Permissions
Virtuemart plugin magiczoomplus v4.9.4 and previous, Sensitive information disclosure, Insecure folder permissions, Remote call information disclosure. Resolution: Update to 4.9.6 Update notice: https://www.magictoolbox.com/jv-release-update/ Note that the VEL do not agree with the developer's...
Community Builder, 2.1.4, XSS
Community Builder, 2.1.4 and previous, XSS Cross site scripting resolution: update to 2.1.5 update notice: https://www.joomlapolis.com/news/18791-community-builder-2-1-5-security-and-maintenance-release...
Convert Forms, 2.0.3, CSV Injection
Convert Forms by Tassos.gr, versions 2.0.3 and previous, CSV Injection resolution: update to 2.0.4 update notice: https://www.tassos.gr/blog/convert-forms-2-0-4-security-release...
jDownloads, 3.2.58, XSS (Cross Site Scripting)
jDownloads, versions 3.2.58 and previous, XSS Cross Site Scripting resolution: update to 3.2.59 update notice: http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html...
AcySMS, 3.5.0, CSV Injection
AcySMS by Acyba, versions 3.5.0 and previous, CSV Injection see https://vel.joomla.org/articles/2140-introducing-csv-injection resolution: update to 3.5.1 update notice: https://www.acyba.com/acysms/change-log.html...
Attachments, 3.2.5, SQL Injection
Attachments from jmcameron.net, versions 3.2.5 and previous, SQL Injection resolution: update to 3.2.6 update notice: http://jmcameron.net/attachments/...
Gridbox com_gridbox, 2.4.0, Multiple Vulnerabilities
Gridbox com_gridbox from balbooa.com, 2.4.0 and previous versions, multiple vulnerabilities including XSS, SQLi, arbitrary file download, insecure file upload, directory traversal Resolution: update to version 2.4.1.1 note that previous security release 2.4.1 fixed most of the issues but not all ...
Gantry package 5.4.26, Other
Gantry package containing "Twig" library creates folders with improper folder permissions. On some servers this may lead to world writeable folders. see https://github.com/gantry/gantry5/issues/2363 https://github.com/twigphp/Twig/issues/2353 developer states not a security issue within their...
Admin Tools Pro, 5.0.2, Information Disclosure
Admin Tools Pro by Akeeba, versions 5.0.2 and previous, Information Disclosure Resolution: update to 5.1.0 Update notice: https://www.akeebabackup.com/news/1693-admin-tools-security-bulletin-may-2018.html...
Virtuemart 3.2.12 and previous, XSS
Virtuemart, versions 3.2.12 and previous, XSS Cross Site Scripting Resolution: update to 3.2.14 update notice: http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling...
Rapicode, Multiple Extensions, Back Door
Rapicode, multiple extensions, current versions, back door. Extensions affected are: Rapi Content Ticker, Rapi Content Carousel, Rapi Cookie Consent, Rapi Countdown, Rapi Preloader, Rapi Loading Progress Bar, Rapi Page Animate. At the moment the back door seems to be loading mining code, it can be used ...
Kunena, 5.0 - 5.1.1, Other
Kunena, 5.0 - 5.1.1, Other. Developer statement: The Kunena team has announced the arrival of Kunena 5.1.2 K 5.1.2 which is now available for download as a native Joomla extension for J! 3.8.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the...
AcyMailing, 5.9.5, CSV Injection
AcyMailing by Acyba, versions 5.9.5 and previous, CSV Injection see https://vel.joomla.org/articles/2140-introducing-csv-injection Resolution: update to 5.9.6 update notice: https://www.acyba.com/acymailing/change-log.html...
Booking Calendar for Joomla!
Booking Calendar for Joomla! update to 3.4.0 various security patches. Note END OF LIFE https://www.joomlabookingcalendar.com/last-update/ Last known version number 3.4.0...
Watchfulli SSO Plugin,1.2, Other
Watchfulli SSO Plugin, versions 1.2 and previous, Other Resolution: update to version 1.3 update notice: https://watchful.li/news-blog/news/new-watchful-clients-and-sso-plugin-enhance-encryption...
Magiczoomplus for Joomla, 3.3.4, Insecure Folder Permissions
Magiczoomplus for Joomla, versions 3.3.4 and previous, Sensitive information disclosure, Insecure folder permissions, Remote call information disclosure. Resolution: update to 3.3.6 Update notice: https://www.magictoolbox.com/jv-release-update/ Note that the VEL do not agree with the developer's...
JS Jobs, 1.2.0, XSS (Cross Site Scripting)
JS Jobs from Joomsky.com, versions 1.2.0 and previous, XSS Cross Site Scripting resolution: update to 1.2.1 update notice: http://www.joomsky.com/products/js-jobs.html...