725 matches found
J2Store 2.5 to 2.8.3, SQL Injection
J2Store 2.5 to 2.8.3 SQL Injection Update to 2.8.4 UpdateNoticeURL http://j2store.org/blog/213-security-update-january-2015.html...
Admin Exile 2.3.5 sqli
Admin Exile version 2.3.5 SQL injection Developer Update Version 2.3.6 resolves an unpublished/theoretical SQL injection vulnerability. http://www.richeyweb.com/development/joomla-plugins/71-adminexile-for-joomla-16...
joomla spider video, 2.8.3, sqli
joomla spider video, 2.8.3, SQL Injection UpdateNoticeURL http://web-dorado.com/products/joomla-player.html...
ActiveHelper LiveHelp, 3.2.0, sqli
ActiveHelper LiveHelp, 3.2.0, SQL Injection We already updated the LiveHelp Server to the version 3.3.0 that include a security patch that fixes the reported issue. We also include a few improvements on other units. Update Notice URL...
JJ Shoutbox, 1.2.6,
JJ Shoutbox, 1.2.6, Other Developer statement This security issue was for version 1.2.6 of JJ Shoutbox. We fixed this issue last night and released version 1.3.0 http://joomjunk.co.uk/products/module-home/shoutbox.htmlchangelog...
iRecommend, >= 3.0,
iRecommend, = 3.0, Other XSS & FPD developer states inaccurate report...
Spider contacts, 1.3.3,
Spider contacts, 1.3.3, SQL Injection Extension Update Details We have fixed the vulnerability on Spider Contacts. We have changed the version to 1.3.4 on JED and also added corresponding text to the description. UpdateNoticeURL http://web-dorado.com/products/joomla-contacts.html...
jomsocial below 3.0.5.1
jomsocial , 3.0.5.1, SQL Injection Resolved prior to notification...
[20120901] - Core - XSS Vulnerability
Inadequate escaping of output leads to XSS vulnerability...
[20120304] - Core - Password Change
Insufficient randomness leads to password reset vulnerability...
[20080902] - Core - Random Number Generation Flaw
A flaw with the random number generation exists which vastly reduces the entropy of system used random functions. This impacts system generated tokens and passwords. The fix increases entropy, and greatly reduces the chance of a generated token being guessed...
[20240801] - Core - Inadequate validation of internal URLs
Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...
LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login , 5.0.2, Other
Other : 5.0.2 Exploit Check developer for new releases...
publisher, 3.0.19, XSS (Cross Site Scripting)
ijoomlapublisher, 3.0.19, XSS Cross Site Scripting...
AcyMailing 5.10.6 Various
AcyMailing 5.10.6 Various new version number 5.10.7 UpdateNotice URL https://www.acyba.com/support/change-log.html Changelog Url https://www.acyba.com/support/change-log.html...
JSN Framework System Plugin, 2.1.5
JSN Framework System Plugin, versions 2.1.5 and previous, unrestricted file uploads without any authorization Resolution: update to 2.1.6 Update notice: https://www.joomlashine.com/forums/jsn-extension-framework-gen-1-plugin-v2-1-6-is-released.html Users are strongly urged to update immediately...
JB Visa,1.0,SQL Injection
JB Visa by Joombooking.com, 1.0, SQL Injection...
Payplans 3.6.2
Payplans 3.6.2 and previous, price manipulation resolution: update to 3.6.3 update notice: https://stackideas.com/blog/critical-update-for-payplans-363...
Zap Calendar, 4.3.6 and previous, SQL Injection
Zap Calendar, 4.3.6, SQL Injection resolution: update to 4.3.7 update notice url: https://zcontent.net/support/zapcalendar/265-change-log-for-zap-calendar...
Extra Search by Joomlaboat,2.2.8 and previous,SQL Injection
Extra Search by Joomlaboat, 2.2.8 and previous, SQL Injection...
BookLibrary,3.6.14,SQL Injection
BookLibrary by Ordasoft, 3.6.14, SQL Injection Resolutiion: Update to 3.6.15 Update notice: http://ordasoft.com/News/News/book-library-security-update.html...
DT Register, sql/xss, 3.1.12 / 2.8.18 and previous
DT Register Vulnerable version: 3.1.12 / 2.8.18 and previous sql/xss http://www.dthdevelopment.com/dth-news/dt-register-3.1.13-security-release.html http://www.dthdevelopment.com/joomla-components/dt-register-event-registration-for-joomla.html developer did not inform VEL...
ja-k2- filter-and- search, SQL Injection
ja-k2- filter-and- search, version 1.2.2 and all previous SQL Injection Resolution: update to 1.2.5 Update notice: https://www.joomlart.com/updates/joomla-extensions/important-security-fix-release-ja-k2-filter-component?utmsource=newslettermedium=emailcampaign=k2filtercritical Note that developer...
User Group FTW For Hikashop,1.1.5,Other
User Group FTW For Hikashop, 1.1.5, Other...
Extplorer, 2.1.7 and previous
Developer startement eXtplorer 2.1.8 released Today eXtplorer 2.1.8 was released, fixing some minor vulnerabilities. Changelog: - added security functions for protection against CSRF attacks - fixed "directories with the name '0' are not loading" An update is recommended...
J2Store by Weblogicx India, 3.1.6 and below, SQL Injections
J2Store by Weblogicx India, 3.1.6 and below, SQL Injections Update: vulnerabilites fixed in version 3.1.7 Announcement: http://j2store.org/j2store-v3.html...
UMI 3D Tag Cloud [mod_umi3dtagcloud], 1.3.4 and below, XSS (Cross Site Scripting)
UMI 3D Tag Cloud modumi3dtagcloud, 1.3.4 and below, XSS Cross Site Scripting...
Escope PrettyPhoto [mod_escope_pp], 1.0.3, XSS (Cross Site Scripting) - abandonware!
Escope PrettyPhoto modescopepp, 1.0.3 and below, XSS Cross Site Scripting...
StarLite Pretty Photo [plg_system_slprettyphoto],1.2, XSS (Cross Site Scripting)
StarLite Pretty Photo plgsystemslprettyphoto, 1.2 and below, XSS Cross Site Scripting...
HDFLVPlayer, 2.0, Directory Traversal
HDFLVPlayer, 2.0, Directory Traversal Contus/apptha developers statement We fixed the directory traversal issue and updated the version with 2.2 UpdateNoticeURL http://www.hdflvplayer.net/hd-flv-player-download.php...
Hika Shop
HikaShop 2.3.2 and below also Hika Market 1.4.3 and below Remote code execution Note that developer did not inform the VEL Notice of resolution: http://www.hikashop.com/index.php?option=comcontent=article=269...
Watchful Client (watchful.li extension), 1.9.0 and lower
Extension was not preventing execution of files outside of the framework, and therefore enabling potential unwanted information disclosure and other attacks using weak hash key implementation. Update to version 1.9.1 : https://watchful.li/news/watchful-1-9-1-released.html...
JW player, 5.10.22 xss
JW player, 5.10.2295, XSS Cross Site Scripting Update notice url:http://www.joomlaworks.net/forum/extension-updates/14896-june-3rd,-2014-allvideos-v4-6-0...
plg_highlight_button, 1.5 and previious sqli
plghighlightbutton, 1.5 and previious versions, SQL Injection Update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html...
joomsport pro and std
joomsport, pro 3.1.1 and std 2.0 , Directory Traversal developers release statement Security notes put in product description and put release notes on our site for both products http://joomsport.com/downloads/components.html?lang=en - Here is the link for standard updated release...
alfcontact
xss 230413...
aiContactSafe 2.0.19
xss 160413 developer release statement for version 2.0.21 Authors:...
[20120902] - Core - XSS Vulnerability
Inadequate escaping of output leads to XSS vulnerability in language switcher module...
[20120203] - Core - Information Disclosure
Inadequate validation leads to path disclosure in administrator...
[20111001] - Core - Information Disclosure
Weak encryption causes potential information disclosure...
[20090602] - Core - ja_purity XSS
A XSS vulnerability exists in the JAPurity template which ships with Joomla! 1.5...
[20260515] - Core - Incorrect Access Control in sample data plugins
An improper access check allow unauthorized users to perform actions related to the installation of sampledata...
[20250102] - Core - XSS vector in the id attribute of menu lists
Joomla! CMS versions 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2...
Advanced custom fields, 2.7.7, SQL Injection
Version: Old 2.8.2 / New 2.8.3 Update details: Improved sanitization/escaping of custom field values in v2.8.3 Update URL: https://www.tassos.gr/releases/advanced-custom-fields/advanced-custom-fields-2-8-3?format=htmlChangelog...
Solidres, 2.13.3, hub plugin XSS (Cross Site Scripting)
https://www.solidres.com/forum/report-bugs/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss...
JomSocial , 4.7.6, XSS (Cross Site Scripting)
JomSocial , 4.7.6, XSS Cross Site Scripting investigation...
xcloner,3.53,Other
xcloner,3.53,Other Developer statement Today we have made available a new release — version 3.5.4 — for the unmaintained Joomla version of XCloner. Prior versions of XCloner for Joomla contained an Authenticated Local File Disclosure vulnerability that has been patched in the latest version. Any...
fabrik 3.9,Various
,fabrik 3.9. Various Issues NOTE: the earlier version number was a mistake by the reporter. new version number 3.9.1 Update Notice URL https://fabrikar.com/blog/87-fabrik-3-9-1-released...
eXtplorer 2.1.12 various
eXtplorer 2.1.12 various Update Notice URL https://extplorer.net/news/24...
Edocman,1.1.17,SQL Injection
Edocman,1.1.17,SQL Injection Extension Update Details Fix security issue on Joomla SQL injection from previous Edocman version. new version number 1.11.8 UpdateNotice URL...