747 matches found
J2Store 2.5 to 2.8.3, SQL Injection
J2Store 2.5 to 2.8.3 SQL Injection Update to 2.8.4 UpdateNoticeURL http://j2store.org/blog/213-security-update-january-2015.html...
edocuman, 1.6.0, Other
edocuman, 1.6.0, Other Developer update notice http://joomdonation.com/forum/edocman/45095-low-security-edocman-1-6-1-released.html53433...
Admin Exile 2.3.5 sqli
Admin Exile version 2.3.5 SQL injection Developer Update Version 2.3.6 resolves an unpublished/theoretical SQL injection vulnerability. http://www.richeyweb.com/development/joomla-plugins/71-adminexile-for-joomla-16...
joomla spider video, 2.8.3, sqli
joomla spider video, 2.8.3, SQL Injection UpdateNoticeURL http://web-dorado.com/products/joomla-player.html...
ActiveHelper LiveHelp, 3.2.0, sqli
ActiveHelper LiveHelp, 3.2.0, SQL Injection We already updated the LiveHelp Server to the version 3.3.0 that include a security patch that fixes the reported issue. We also include a few improvements on other units. Update Notice URL...
JJ Shoutbox, 1.2.6,
JJ Shoutbox, 1.2.6, Other Developer statement This security issue was for version 1.2.6 of JJ Shoutbox. We fixed this issue last night and released version 1.3.0 http://joomjunk.co.uk/products/module-home/shoutbox.htmlchangelog...
ODude Ecard - DT
ODude Ecard - DT - 777 developer statement - ODude Ecard Version 2.1 http://www.odude.com/main/odude-ecard/ecard-log.html...
iRecommend, >= 3.0,
iRecommend, = 3.0, Other XSS & FPD developer states inaccurate report...
jomsocial below 3.0.5.1
jomsocial , 3.0.5.1, SQL Injection Resolved prior to notification...
Mijo Analytics, Joomla 2.5.x,
Mijo Analytics, Joomla 2.5.x, SQL Injection...
joomsport pro and std
joomsport, pro 3.1.1 and std 2.0 , Directory Traversal developers release statement Security notes put in product description and put release notes on our site for both products http://joomsport.com/downloads/components.html?lang=en - Here is the link for standard updated release...
[20120902] - Core - XSS Vulnerability
Inadequate escaping of output leads to XSS vulnerability in language switcher module...
[20120203] - Core - Information Disclosure
Inadequate validation leads to path disclosure in administrator...
[20111001] - Core - Information Disclosure
Weak encryption causes potential information disclosure...
[20080902] - Core - Random Number Generation Flaw
A flaw with the random number generation exists which vastly reduces the entropy of system used random functions. This impacts system generated tokens and passwords. The fix increases entropy, and greatly reduces the chance of a generated token being guessed...
[20260515] - Core - Incorrect Access Control in sample data plugins
An improper access check allow unauthorized users to perform actions related to the installation of sampledata...
[20250301] - Core - Malicious file uploads via Media Manager
Inadequate checks in the Media Manager allowed users with "edit" privileges to create executable PHP files...
[20240705] - Core - XSS in com_fields default field value
The Custom Fields component not correctly filter inputs, leading to a XSS vector...
[20240801] - Core - Inadequate validation of internal URLs
Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...
JomSocial , 4.7.6, XSS (Cross Site Scripting)
JomSocial , 4.7.6, XSS Cross Site Scripting investigation...
xcloner,3.53,Other
xcloner,3.53,Other Developer statement Today we have made available a new release — version 3.5.4 — for the unmaintained Joomla version of XCloner. Prior versions of XCloner for Joomla contained an Authenticated Local File Disclosure vulnerability that has been patched in the latest version. Any...
AcyMailing 5.10.6 Various
AcyMailing 5.10.6 Various new version number 5.10.7 UpdateNotice URL https://www.acyba.com/support/change-log.html Changelog Url https://www.acyba.com/support/change-log.html...
[20190303] - Core - XSS in media form field
The media form field lacks escaping, leading to a XSS vulnerability...
En Masse, all versions, SQL Injection
En Masse by Matamko.com, all known versions, SQL Injection...
JB Visa,1.0,SQL Injection
JB Visa by Joombooking.com, 1.0, SQL Injection...
Zap Calendar, 4.3.6 and previous, SQL Injection
Zap Calendar, 4.3.6, SQL Injection resolution: update to 4.3.7 update notice url: https://zcontent.net/support/zapcalendar/265-change-log-for-zap-calendar...
Extra Search by Joomlaboat,2.2.8 and previous,SQL Injection
Extra Search by Joomlaboat, 2.2.8 and previous, SQL Injection...
JO Facebook gallery,4.5,SQL Injection
JO Facebook gallery by Joomcore.com, 4.5,SQL Injection resolution: update to 4.6 Update Notice URL http://joomcore.com/news-updates/item/109-update-jo-facebook-gallery-to-version-4-6-fixed-problem-sql-injection-in-version-4-5...
AVChat Video Chat Integration Kit, File permissions
AVChat Video Chat Integration Kit, File permissions...
Komento 2.0.6, xss
We just released Komento 2.0.7 to address a security issue where a remote attacker may be able to launch an xss attack in prior versions of Komento. update notice: https://stackideas.com/blog/important-komento-2-0-7-security-fix...
User Group FTW For Hikashop,1.1.5,Other
User Group FTW For Hikashop, 1.1.5, Other...
J2Store by Weblogicx India, 3.1.6 and below, SQL Injections
J2Store by Weblogicx India, 3.1.6 and below, SQL Injections Update: vulnerabilites fixed in version 3.1.7 Announcement: http://j2store.org/j2store-v3.html...
UMI 3D Tag Cloud [mod_umi3dtagcloud], 1.3.4 and below, XSS (Cross Site Scripting)
UMI 3D Tag Cloud modumi3dtagcloud, 1.3.4 and below, XSS Cross Site Scripting...
Escope PrettyPhoto [mod_escope_pp], 1.0.3, XSS (Cross Site Scripting) - abandonware!
Escope PrettyPhoto modescopepp, 1.0.3 and below, XSS Cross Site Scripting...
StarLite Pretty Photo [plg_system_slprettyphoto],1.2, XSS (Cross Site Scripting)
StarLite Pretty Photo plgsystemslprettyphoto, 1.2 and below, XSS Cross Site Scripting...
Joomla Simple Photo Gallery version 1.1
Apptha Joomla Simple Photo Gallery ,comsimplephotogallery version 1.1 and previous, Other...
Hika Shop
HikaShop 2.3.2 and below also Hika Market 1.4.3 and below Remote code execution Note that developer did not inform the VEL Notice of resolution: http://www.hikashop.com/index.php?option=comcontent=article=269...
Watchful Client (watchful.li extension), 1.9.0 and lower
Extension was not preventing execution of files outside of the framework, and therefore enabling potential unwanted information disclosure and other attacks using weak hash key implementation. Update to version 1.9.1 : https://watchful.li/news/watchful-1-9-1-released.html...
JW player, 5.10.22 xss
JW player, 5.10.2295, XSS Cross Site Scripting Update notice url:http://www.joomlaworks.net/forum/extension-updates/14896-june-3rd,-2014-allvideos-v4-6-0...
plg_highlight_button, 1.5 and previious sqli
plghighlightbutton, 1.5 and previious versions, SQL Injection Update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html...
Spider contacts, 1.3.3,
Spider contacts, 1.3.3, SQL Injection Extension Update Details We have fixed the vulnerability on Spider Contacts. We have changed the version to 1.3.4 on JED and also added corresponding text to the description. UpdateNoticeURL http://web-dorado.com/products/joomla-contacts.html...
[20120306] - Core - Information Disclosure
Inadequate permission checking allows unauthorised viewing of administrative back end information...
[20111003] - Core - Information Disclosure
Weak encryption causes potential information disclosure...
[20110602] - Information Disclosure
Inadequate filtering causes possible information disclosure...
[20090602] - Core - ja_purity XSS
A XSS vulnerability exists in the JAPurity template which ships with Joomla! 1.5...
[20260514] - Core - Privilege escalation through com_users webservice endpoints
An improper access check allows privelege escalation through the comusers group editing webservice endpoint...
Advanced custom fields, 2.7.7, SQL Injection
Version: Old 2.8.2 / New 2.8.3 Update details: Improved sanitization/escaping of custom field values in v2.8.3 Update URL: https://www.tassos.gr/releases/advanced-custom-fields/advanced-custom-fields-2-8-3?format=htmlChangelog...
Solidres, 2.13.3, hub plugin XSS (Cross Site Scripting)
https://www.solidres.com/forum/report-bugs/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss...
quickform, , Other
Developer states exploit is "hack yourself" scenario...
fabrik 3.9,Various
,fabrik 3.9. Various Issues NOTE: the earlier version number was a mistake by the reporter. new version number 3.9.1 Update Notice URL https://fabrikar.com/blog/87-fabrik-3-9-1-released...