747 matches found
[20260514] - Core - Privilege escalation through com_users webservice endpoints
An improper access check allows privelege escalation through the comusers group editing webservice endpoint...
Advanced custom fields, 2.7.7, SQL Injection
Version: Old 2.8.2 / New 2.8.3 Update details: Improved sanitization/escaping of custom field values in v2.8.3 Update URL: https://www.tassos.gr/releases/advanced-custom-fields/advanced-custom-fields-2-8-3?format=htmlChangelog...
quickform, , Other
Developer states exploit is "hack yourself" scenario...
eXtplorer 2.1.12 various
eXtplorer 2.1.12 various Update Notice URL https://extplorer.net/news/24...
kunena, ,XSS (Cross Site Scripting)
kunena,5.1.3,XSS Cross Site Scripting...
Kunena,5.1.9,XSS (Cross Site Scripting)
Kunena,5.1.9,XSS Cross Site Scripting https://www.kunena.org/blog/203-kunena-5-1-10-released...
Edocman,1.1.17,SQL Injection
Edocman,1.1.17,SQL Injection Extension Update Details Fix security issue on Joomla SQL injection from previous Edocman version. new version number 1.11.8 UpdateNotice URL...
music collection, 3.0.3 ,SQL Injection
music collection, 3.0.3 ,SQL Injection Developer statement: currently at version 3.0.6, this was already fixed in 3.0.4...
Forms by Balbooa.com,1.7.2,Information Disclosure
Forms by Balbooa.com,1.7.2,Information Disclosure Resolution: update to 1.7.4 there was a previous update 1.7.3 which did not entirely fix the issue update notice: https://support.balbooa.com/forum/joomla-forms/5441-balbooa-joomla-forms-v-1-7-4...
JS Jobs, 1.1.9, SQL Injection
JS Jobs by Joomsky, versions 1.1.9 and previous, SQL injection resolution: update to version 1.2.0 update notice: http://www.joomsky.com/products/js-jobs.html...
AppointmentBookingPro,4.0.1,SQL Injection
AppointmentBookingPro, 4.0.1, SQL Injection Resolution: update to 4.0.2 RC2 Update notice: https://appointmentbookingpro.com/support2/an2/17169-joomla-vel.html...
BookLibrary,3.6.14,SQL Injection
BookLibrary by Ordasoft, 3.6.14, SQL Injection Resolutiion: Update to 3.6.15 Update notice: http://ordasoft.com/News/News/book-library-security-update.html...
joomunited SEO Glossary ,pre 2.2.4,Other
joomunited SEO Glossary , pre 2.2.4,Other Developer statement in mass email to registered users We just fixed an SEO Glossary vulnerability, an update to version 2.2.4 is required as soon as possible. https://www.joomunited.com/changelog/seo-glossary-changelog Fix informed by user...
DT Register, sql/xss, 3.1.12 / 2.8.18 and previous
DT Register Vulnerable version: 3.1.12 / 2.8.18 and previous sql/xss http://www.dthdevelopment.com/dth-news/dt-register-3.1.13-security-release.html http://www.dthdevelopment.com/joomla-components/dt-register-event-registration-for-joomla.html developer did not inform VEL...
JSN Power Admin,2.3.0,XSS (Cross Site Scripting)
JSN Power Admin,2.3.0, XSS Cross Site Scripting Resolution: update to 2.3.2 Update notice: http://www.joomlashine.com/knowledgeportal/articles/jsn-poweradmin-vulnerability-problem-solved.html Note that previous security release 2.3.1 is still vulnerable, and should be updated...
ECommerce-WD [com_ecommercewd],1.2.5, maybe earlier
ECommerce-WD comecommercewd,1.2.5, maybe earlier,SQL Injection developer statement This vulnerabilities are fixed in version 1.2.6 and above. The version 1.2.6 was released on 2015-03-18...
Gallery WD version 1.2.3 and previous
Gallery WD version 1.2.3 and previous XSS Cross Site Scripting Resolution: Update to version 1.2.5 Update notice URL: http://web-dorado.com/products/joomla-gallery.html...
EDVAS blank template pre 3.5.1
Blank bootstrap edition Template : Update Details http://github.com/Bloggerschmidt/Blank-Bootstrap-Edition/releases/tag/v3.5.1 See https://github.com/Bloggerschmidt/Blank-BootstrapEdition...
HDFLVPlayer, 2.0, Directory Traversal
HDFLVPlayer, 2.0, Directory Traversal Contus/apptha developers statement We fixed the directory traversal issue and updated the version with 2.2 UpdateNoticeURL http://www.hdflvplayer.net/hd-flv-player-download.php...
Akeeba backup
https://www.akeebabackup.com/home/news/1561-security-updates-august-2014.html 3.2.0-3.2.7, 3.3.0-3.3.13, 3.4.0-3.4.3, 3.5.x, 3.6.0-3.6.12, 3.7.x, 3.8.0-3.8.2, 3.9.x, 3.10.x, 3.11.0-3.11.3...
JChatSocial, 2.2 and lower
JChatSocial, 2.2 and lower, XSS Cross Site Scripting...
[20140303] - Core - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability...
[20140302] - Core - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability in comcontact...
ODude Profile
ODude Profile Directory Traversal vulnerability - 777 developer statement ODude Profile | 3.2 | http://www.odude.com/main/profile/profile-changelog.html ---|---|---...
CiviCRM 4.3.3 and previous
CiviCRM, = 4.3.3, XSS Cross Site Scripting Update Notice URL http://civicrm.org/blogs/colemanw/security-release-civicrm-434...
aiContactSafe 2.0.19
xss 160413 developer release statement for version 2.0.21 Authors:...
worldrates
http://dev.pucit.edu.pk/120410 Authors:...
[20100423] - Core - Negative Values for Limit and Offset
If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system...
[20080903] - Core - com_mailto Spam
The mailto component does not verify validity of the URL prior to sending...
[20080904] - Core - Redirect Spam
Several components utilize a passed in URL to redirect to after processing. These URLs are not validated prior to the redirect. A crafted URL can cause the system to redirect to a spam or phishing site...
[20260518] - Core - Transport encryption downgrade for password and username reset links
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...
[20260101] - Core - Inadequate content filtering for data URLs
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
[20250102] - Core - XSS vector in the id attribute of menu lists
Lack of output escaping in the id attribute of menu lists...
[20240701] - Core - XSS in accessible media selection field
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field...
bagallery , , Other
Developer statement Old 1.1 / New 1.2 Update details: We have thoroughly tested all the code in our component to ensure it is free of any security issues. Update URL: https://bestaddon.com/product/ba-gallery/Changelog...
js jobs, 1.3, SQL Injection
js jobs,1.3,SQL Injection...
hwdplayer,4.2,SQL Injection
hwdplayer,4.2,SQL Injection Possible abandonware also...
J2Store, 3.3.9. and previous,XSS (Cross Site Scripting)
J2Store,3.9.x,XSS Cross Site Scripting Update to 3.3.11 https://www.j2store.org/blog/general/j2store-3-3-11-released-with-improvements-and-a-security-fix.html...
js jobs,1.1.5, 1.1.6, 1.2.5 and 1.2.6,Other
js jobs,1.1.5, 1.1.6, 1.2.5 and 1.2.6,Other Extension Update Details Fix the file security bug. new version number 2.1.7...
JS support ticket,1.1.6, SQL Injection
JS support ticket,1.1.6, SQL Injection resolution: update to 1.1.7 update notice: https://joomsky.com/products/js-ticket-joomla.html...
RSMembership! older than 1.22.11 ,Other
RSMembership! older than 1.22.11,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
RSEvents! Pro Cart Plugin older than 1.1.15 ,Other
RSEvents! Pro Cart Plugin older than 1.1.15,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
[20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor
In Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has to be determined and...
TCPDF Library,6.2.12,Other
TCPDF Library,6.2.12,Other updated to v6.2.26 | ---|--- ttweetfsubscribe...
JoomCRM 1.1.1
new version number 1.1.2 https://www.joomboost.com/blog-updates/joomcrm-version-1-1-2-security-announcement.html...
CW Article Attachments (Free Version), SQL Injection
CW Article Attachments Free Version from cwjoomla.com, versions 1.0.6 and previous, SQL Injection resolution: update to 1.0.7 update notice: http://www.cwjoomla.com/download-cw-article-attachments...
Jimtawl, 2.2.6, Arbitrary File Upload
Jimtawl from janguo.de, 2.2.6, arbitrary file upload Resolution: update to 2.2.7 Update notice: http://janguo.de/lang-de/joomla-25-higher/jimtawl.html...
Joomla Guru, SQL Injection
Joomla Guru by IJoomla, 5.0.15 and previous, SQL Injection resolution: update to 5.0.16 update notice: https://guru.ijoomla.com/changelog/237-guru-5-0-16...
JEXTN Video Gallery 3.0.5 - SQL Injection, 3.0.5 ,SQL Injection
JEXTN Video Gallery 3.0.5 - SQL Injection, 3.0.5 ,SQL Injection...
JS Jobs,1.1.8, RCE
JS Jobs, 1.1.8, Remote code execution - includes free and pro versions resolution: update to 1.1.9 update notice: http://www.joomsky.com/products/js-jobs.html...