Lucene search
K
JoomlaMost viewed

725 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/01/20 12:0 a.m.20 views

J2Store 2.5 to 2.8.3, SQL Injection

J2Store 2.5 to 2.8.3 SQL Injection Update to 2.8.4 UpdateNoticeURL http://j2store.org/blog/213-security-update-january-2015.html...

0.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/11/15 1:27 p.m.20 views

Admin Exile 2.3.5 sqli

Admin Exile version 2.3.5 SQL injection Developer Update Version 2.3.6 resolves an unpublished/theoretical SQL injection vulnerability. http://www.richeyweb.com/development/joomla-plugins/71-adminexile-for-joomla-16...

8.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/08/29 7:27 a.m.20 views

joomla spider video, 2.8.3, sqli

joomla spider video, 2.8.3, SQL Injection UpdateNoticeURL http://web-dorado.com/products/joomla-player.html...

1.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/03/03 12:0 a.m.20 views

ActiveHelper LiveHelp, 3.2.0, sqli

ActiveHelper LiveHelp, 3.2.0, SQL Injection We already updated the LiveHelp Server to the version 3.3.0 that include a security patch that fixes the reported issue. We also include a few improvements on other units. Update Notice URL...

2.5AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/02/26 2:55 p.m.20 views

JJ Shoutbox, 1.2.6,

JJ Shoutbox, 1.2.6, Other Developer statement This security issue was for version 1.2.6 of JJ Shoutbox. We fixed this issue last night and released version 1.3.0 http://joomjunk.co.uk/products/module-home/shoutbox.htmlchangelog...

7.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/01/25 1:30 a.m.20 views

iRecommend, >= 3.0,

iRecommend, = 3.0, Other XSS & FPD developer states inaccurate report...

1.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/11/04 6:30 p.m.20 views

Spider contacts, 1.3.3,

Spider contacts, 1.3.3, SQL Injection Extension Update Details We have fixed the vulnerability on Spider Contacts. We have changed the version to 1.3.4 on JED and also added corresponding text to the description. UpdateNoticeURL http://web-dorado.com/products/joomla-contacts.html...

1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/10/17 6:8 p.m.20 views

jomsocial below 3.0.5.1

jomsocial , 3.0.5.1, SQL Injection Resolved prior to notification...

2.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2012/04/30 12:0 a.m.20 views

[20120901] - Core - XSS Vulnerability

Inadequate escaping of output leads to XSS vulnerability...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2012/03/08 12:0 a.m.20 views

[20120304] - Core - Password Change

Insufficient randomness leads to password reset vulnerability...

7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2008/08/23 12:0 a.m.20 views

[20080902] - Core - Random Number Generation Flaw

A flaw with the random number generation exists which vastly reduces the entropy of system used random functions. This impacts system generated tokens and passwords. The fix increases entropy, and greatly reduces the chance of a generated token being guessed...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/03/20 12:0 a.m.19 views

[20240801] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...

6.1CVSS5.8AI score0.00239EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2022/12/27 12:0 a.m.19 views

LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login , 5.0.2, Other

Other : 5.0.2 Exploit Check developer for new releases...

2.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/11/04 12:0 a.m.19 views

publisher, 3.0.19, XSS (Cross Site Scripting)

ijoomlapublisher, 3.0.19, XSS Cross Site Scripting...

1.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/03/25 6:43 p.m.19 views

AcyMailing 5.10.6 Various

AcyMailing 5.10.6 Various new version number 5.10.7 UpdateNotice URL https://www.acyba.com/support/change-log.html Changelog Url https://www.acyba.com/support/change-log.html...

1.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/10/09 12:0 a.m.19 views

JSN Framework System Plugin, 2.1.5

JSN Framework System Plugin, versions 2.1.5 and previous, unrestricted file uploads without any authorization Resolution: update to 2.1.6 Update notice: https://www.joomlashine.com/forums/jsn-extension-framework-gen-1-plugin-v2-1-6-is-released.html Users are strongly urged to update immediately...

7.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/01/01 6:23 p.m.19 views

JB Visa,1.0,SQL Injection

JB Visa by Joombooking.com, 1.0, SQL Injection...

2.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/09/12 12:0 a.m.19 views

Payplans 3.6.2

Payplans 3.6.2 and previous, price manipulation resolution: update to 3.6.3 update notice: https://stackideas.com/blog/critical-update-for-payplans-363...

1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/08/21 12:0 a.m.19 views

Zap Calendar, 4.3.6 and previous, SQL Injection

Zap Calendar, 4.3.6, SQL Injection resolution: update to 4.3.7 update notice url: https://zcontent.net/support/zapcalendar/265-change-log-for-zap-calendar...

1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/05/11 12:0 a.m.19 views

Extra Search by Joomlaboat,2.2.8 and previous,SQL Injection

Extra Search by Joomlaboat, 2.2.8 and previous, SQL Injection...

2.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/08 12:0 a.m.19 views

BookLibrary,3.6.14,SQL Injection

BookLibrary by Ordasoft, 3.6.14, SQL Injection Resolutiion: Update to 3.6.15 Update notice: http://ordasoft.com/News/News/book-library-security-update.html...

0.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/12/19 12:0 a.m.19 views

DT Register, sql/xss, 3.1.12 / 2.8.18 and previous

DT Register Vulnerable version: 3.1.12 / 2.8.18 and previous sql/xss http://www.dthdevelopment.com/dth-news/dt-register-3.1.13-security-release.html http://www.dthdevelopment.com/joomla-components/dt-register-event-registration-for-joomla.html developer did not inform VEL...

1.6AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/10/20 12:0 a.m.19 views

ja-k2- filter-and- search, SQL Injection

ja-k2- filter-and- search, version 1.2.2 and all previous SQL Injection Resolution: update to 1.2.5 Update notice: https://www.joomlart.com/updates/joomla-extensions/important-security-fix-release-ja-k2-filter-component?utmsource=newslettermedium=emailcampaign=k2filtercritical Note that developer...

7.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/04/07 12:0 a.m.19 views

User Group FTW For Hikashop,1.1.5,Other

User Group FTW For Hikashop, 1.1.5, Other...

0.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/09/11 12:0 a.m.19 views

Extplorer, 2.1.7 and previous

Developer startement eXtplorer 2.1.8 released Today eXtplorer 2.1.8 was released, fixing some minor vulnerabilities. Changelog: - added security functions for protection against CSRF attacks - fixed "directories with the name '0' are not loading" An update is recommended...

0.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/07/23 12:0 a.m.19 views

J2Store by Weblogicx India, 3.1.6 and below, SQL Injections

J2Store by Weblogicx India, 3.1.6 and below, SQL Injections Update: vulnerabilites fixed in version 3.1.7 Announcement: http://j2store.org/j2store-v3.html...

3.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/06/20 4:25 p.m.19 views

UMI 3D Tag Cloud [mod_umi3dtagcloud], 1.3.4 and below, XSS (Cross Site Scripting)

UMI 3D Tag Cloud modumi3dtagcloud, 1.3.4 and below, XSS Cross Site Scripting...

1.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/06/20 2:13 p.m.19 views

Escope PrettyPhoto [mod_escope_pp], 1.0.3, XSS (Cross Site Scripting) - abandonware!

Escope PrettyPhoto modescopepp, 1.0.3 and below, XSS Cross Site Scripting...

1.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/06/20 1:30 p.m.19 views

StarLite Pretty Photo [plg_system_slprettyphoto],1.2, XSS (Cross Site Scripting)

StarLite Pretty Photo plgsystemslprettyphoto, 1.2 and below, XSS Cross Site Scripting...

1.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/12/02 1:48 a.m.19 views

HDFLVPlayer, 2.0, Directory Traversal

HDFLVPlayer, 2.0, Directory Traversal Contus/apptha developers statement We fixed the directory traversal issue and updated the version with 2.2 UpdateNoticeURL http://www.hdflvplayer.net/hd-flv-player-download.php...

2.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/09/24 3:58 p.m.19 views

Hika Shop

HikaShop 2.3.2 and below also Hika Market 1.4.3 and below Remote code execution Note that developer did not inform the VEL Notice of resolution: http://www.hikashop.com/index.php?option=comcontent=article=269...

7.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/08/05 10:43 a.m.19 views

Watchful Client (watchful.li extension), 1.9.0 and lower

Extension was not preventing execution of files outside of the framework, and therefore enabling potential unwanted information disclosure and other attacks using weak hash key implementation. Update to version 1.9.1 : https://watchful.li/news/watchful-1-9-1-released.html...

3.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/06/02 12:14 p.m.19 views

JW player, 5.10.22 xss

JW player, 5.10.2295, XSS Cross Site Scripting Update notice url:http://www.joomlaworks.net/forum/extension-updates/14896-june-3rd,-2014-allvideos-v4-6-0...

0.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/03/08 11:24 a.m.19 views

plg_highlight_button, 1.5 and previious sqli

plghighlightbutton, 1.5 and previious versions, SQL Injection Update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html...

7.8AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/08/19 8:51 p.m.19 views

joomsport pro and std

joomsport, pro 3.1.1 and std 2.0 , Directory Traversal developers release statement Security notes put in product description and put release notes on our site for both products http://joomsport.com/downloads/components.html?lang=en - Here is the link for standard updated release...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/04/27 2:51 p.m.19 views

alfcontact

xss 230413...

1.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/04/27 2:51 p.m.19 views

aiContactSafe 2.0.19

xss 160413 developer release statement for version 2.0.21 Authors:...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2012/07/02 12:0 a.m.19 views

[20120902] - Core - XSS Vulnerability

Inadequate escaping of output leads to XSS vulnerability in language switcher module...

6.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2012/01/29 12:0 a.m.19 views

[20120203] - Core - Information Disclosure

Inadequate validation leads to path disclosure in administrator...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2011/09/09 12:0 a.m.19 views

[20111001] - Core - Information Disclosure

Weak encryption causes potential information disclosure...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2009/04/06 12:0 a.m.19 views

[20090602] - Core - ja_purity XSS

A XSS vulnerability exists in the JAPurity template which ships with Joomla! 1.5...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/23 12:0 a.m.18 views

[20260515] - Core - Incorrect Access Control in sample data plugins

An improper access check allow unauthorized users to perform actions related to the installation of sampledata...

9.8CVSS5.8AI score0.00234EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/09/19 12:0 a.m.18 views

[20250102] - Core - XSS vector in the id attribute of menu lists

Joomla! CMS versions 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2...

7.5CVSS7.1AI score0.00404EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/30 12:0 a.m.18 views

Advanced custom fields, 2.7.7, SQL Injection

Version: Old 2.8.2 / New 2.8.3 Update details: Improved sanitization/escaping of custom field values in v2.8.3 Update URL: https://www.tassos.gr/releases/advanced-custom-fields/advanced-custom-fields-2-8-3?format=htmlChangelog...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/30 12:0 a.m.18 views

Solidres, 2.13.3, hub plugin XSS (Cross Site Scripting)

https://www.solidres.com/forum/report-bugs/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/11/09 12:0 a.m.18 views

JomSocial , 4.7.6, XSS (Cross Site Scripting)

JomSocial , 4.7.6, XSS Cross Site Scripting investigation...

1.7AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/05/26 12:0 a.m.18 views

xcloner,3.53,Other

xcloner,3.53,Other Developer statement Today we have made available a new release — version 3.5.4 — for the unmaintained Joomla version of XCloner. Prior versions of XCloner for Joomla contained an Authenticated Local File Disclosure vulnerability that has been patched in the latest version. Any...

3.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/04/03 12:0 a.m.18 views

fabrik 3.9,Various

,fabrik 3.9. Various Issues NOTE: the earlier version number was a mistake by the reporter. new version number 3.9.1 Update Notice URL https://fabrikar.com/blog/87-fabrik-3-9-1-released...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/05/19 7:21 a.m.18 views

eXtplorer 2.1.12 various

eXtplorer 2.1.12 various Update Notice URL https://extplorer.net/news/24...

0.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/02/23 12:0 a.m.18 views

Edocman,1.1.17,SQL Injection

Edocman,1.1.17,SQL Injection Extension Update Details Fix security issue on Joomla SQL injection from previous Edocman version. new version number 1.11.8 UpdateNotice URL...

8.4AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities725