743 matches found
JS Jobs, 1.1.9, SQL Injection
JS Jobs by Joomsky, versions 1.1.9 and previous, SQL injection resolution: update to version 1.2.0 update notice: http://www.joomsky.com/products/js-jobs.html...
Joomla Guru, SQL Injection
Joomla Guru by IJoomla, 5.0.15 and previous, SQL Injection resolution: update to 5.0.16 update notice: https://guru.ijoomla.com/changelog/237-guru-5-0-16...
KissGallery 1.0.0, SQL Injection
KissGallery version 1.0.0 by TW Carter, SQL Injection...
IJSEO, 3.1.17, SQL Injection
IJSEO from IJoomla, 3.1.17, SQL Injection Resolution: update to 3.1.18 Update notice: https://seo.ijoomla.com/blog/entry/joomla-iseo-extension-got-important-security-fix-1-1 The issue affects both the commercial Pro and the non-commercial Light versions of the extension. The developer released a...
easysocial, 2.0.18 and below
easysocial, 2.0.18 and below Extension Update Details https://stackideas.com/blog/security-update-for-easysocial-2019...
Joomla Modern Booking,1.0,SQL Injection
Joomla Modern Booking,1.0,SQL Injection new version number 2.0.0 UpdateNotice URL https://www.unikalus.com/announcements.html...
Smart related articles ,1.1,SQL Injection and XSS
Smart related articles by Iacopo Guarneri, 1.1,SQL Injection and XSS...
Alta User Points,1.1.7,SQL Injection
Alta User Points, 1.1.7, SQL Injection Resolution: update to 1.1.8 Update Notice URL https://www.nordmograph.com/extensions/index.php?option=comvirtuemart=productdetailsproductid=120categoryid=8=58...
Ajax search for K2, 2.2
Ajax search for K2 by taleia.software, 2.2, SQL Injection...
Jtag Calendar 6.2.4
JTag Calendar versions 6.2.4 and previous Resolution: update to 6.2.5 Developer states: Fixed security issue in search functionality Update notice: https://joomlatag.com/premium-joomla-extensions/jtag-calendar-detail.html...
Payment Form, versions before 4.2
Joomdonation extensions, Information Disclosure Payment Form versions before 4.2 Resolution: update to 4.2 Update notice URL: http://joomdonation.com/forum/payment-form/50514-payment-form-version-4-2-released.html...
Komento, 2.0.4 and previous, XSS (Cross Site Scripting)
Stackideas Komento, prior to 2.0.5, XSS Cross Site Scripting Resolved in version 2.0.5 Update notice: http://stackideas.com/changelog/komento?version=2.0.5...
Music Collection, 2.4.6 and below, SQL Injection
Music Collection commuscol, 2.4.6 and below, SQL Injection Fixed in 2.4.10 Notice: http://www.joomlathat.com/news/music-collection/music-collection-2-4-9-released-security-release-2...
pPGallery [plg_content_ppgallery], 4.315, XSS (Cross Site Scripting)
pPGallery plgcontentppgallery, 4.315, XSS Cross Site Scripting...
Joombri Freelance, pre 1.6.5, SQLi
JoomBri freelance extension pre 1.6.5. suffers major sqli exploit. No contact from developer, Notified by Ruth Cheesley...
"EQ Event Calendar" [com_eqfullevent] , 1.0.0 and below
"EQ Event Calendar" by byeqima.com - version: 1.0.0 and lower SQL injection vulnerability...
eXtplorer 2.1.6 released
http://extplorer.net/news/15 Please update to this new eXtplorer version as it fixes an XSS security issue. Also the UTF-8 fix is recommended for users with non-ASCII filenames...
Visforms pre 2.1.2 and pre 3.1.2
Update so that information submitted with Visforms cannot be disclosed unintentionally. http://www.vi-solutions.de/en/announcements/366-security-updates-for-visforms-2-1-2-and-3-1-2-released...
failedloginattempts v1.0.1
plgfailedloginattemptsv1.0.1j25j30, 1.0.1, Information Disclosure Developers update statements 12-Dec-2014 : v1.1.0 http://www.web357.eu/news/releases/68-failed-login-attempts-v1-1-0-has-been-released-security-release.html...
[20140304] - Core - Unauthorised Logins
Inadequate checking allowed unauthorised logins via GMail authentication...
ODude Dir - DT
ODude DIR - DT-777 developer statement ODude Dir 1.1 updated with fixed securities issues. http://www.odude.com/main/dir/dir-log.html...
CiviCRM 4.3.3 and previous
CiviCRM, = 4.3.3, XSS Cross Site Scripting Update Notice URL http://civicrm.org/blogs/colemanw/security-release-civicrm-434...
Jinc, ALL,
Jinc ALL - Exploit Type Arbitrary File Creation Vulnerability JINC until version 1.0.1 is affected by a vulnerability providing attackers the ability to update arbitrary files in Joomla! installation. This problem is solved in JINC 1.0.2...
[20110901] - Core - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability in comsearch...
[20080904] - Core - Redirect Spam
Several components utilize a passed in URL to redirect to after processing. These URLs are not validated prior to the redirect. A crafted URL can cause the system to redirect to a spam or phishing site...
[20260306] - Core - Improper access check in webservice endpoints
An improper access check allows unauthorized access to webservice endpoints...
[20250103] - Core - Read ACL violation in multiple core views
Improper Access Controls allows access to protected views...
js jobs, 1.3, SQL Injection
js jobs,1.3,SQL Injection...
hwdplayer,4.2,SQL Injection
hwdplayer,4.2,SQL Injection Possible abandonware also...
J2Store, 3.3.9. and previous,XSS (Cross Site Scripting)
J2Store,3.9.x,XSS Cross Site Scripting Update to 3.3.11 https://www.j2store.org/blog/general/j2store-3-3-11-released-with-improvements-and-a-security-fix.html...
js jobs,1.1.5, 1.1.6, 1.2.5 and 1.2.6,Other
js jobs,1.1.5, 1.1.6, 1.2.5 and 1.2.6,Other Extension Update Details Fix the file security bug. new version number 2.1.7...
JS support ticket,1.1.6, SQL Injection
JS support ticket,1.1.6, SQL Injection resolution: update to 1.1.7 update notice: https://joomsky.com/products/js-ticket-joomla.html...
RSMembership! older than 1.22.11 ,Other
RSMembership! older than 1.22.11,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
RSEvents! Pro (March 2019),Other
RSEvents! Pro March 2019,Other new version number 2.2.1 UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
RSEvents! Pro Cart Plugin older than 1.1.15 ,Other
RSEvents! Pro Cart Plugin older than 1.1.15,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
TCPDF Library,6.2.12,Other
TCPDF Library,6.2.12,Other updated to v6.2.26 | ---|--- ttweetfsubscribe...
Jomres,9.14.0 & lower,Other
Jomres,9.14.0 & lower Developer statement new version number 9.15.0 UpdateNotice URL https://www.jomres.net/blog/99-jomres-9-15-0-security-release-new-features Changelog Url https://www.jomres.net/support/changelog...
Jimtawl, 2.2.6, Arbitrary File Upload
Jimtawl from janguo.de, 2.2.6, arbitrary file upload Resolution: update to 2.2.7 Update notice: http://janguo.de/lang-de/joomla-25-higher/jimtawl.html...
JS Support Ticket 1.1.0, ,XSS (Cross Site Scripting)
JS Support Ticket 1.1.0, ,XSS Cross Site Scripting UpdateNotice URL 1.1.1 http://www.joomsky.com/products/js-ticket-joomla.html...
cms2cms improper file/folder permissions
All these extensions create a folder with permissions 0777, which is not subsequently deleted. CMS2CMS: Automated Blogger to J! Migration CMS2CMS: Automated HTML to J! Migration CMS2CMS: Automated Drupal to J! Migration CMS2CMS: Automated WordPress to J! Migration CMS2CMS Automated WiX to J!...
My Projects,2.0,SQL Injection
My Projects,2.0,SQL Injection Resolution: update to version 2.1 Update notice: http://www.gegabyte.org/downloads/joomla-extensions/joomla3/components/292-my-projects...
Virtuemart,3.2.4,XSS (Cross Site Scripting)
Virtuemart,3.2.4,XSS Cross Site Scripting Resolution: update to 3.2.6 update notice: http://virtuemart.net/news/482-virtuemart-3-2-6-security-release-and-overhauled-infrastructure...
Realtyna RPL, All versions, SQL Injection and Abandonware
Realtyna RPL, All versions, SQL Injection and abandonware The developer no longer supports Joomla! The site is still online, but there are redirects to the Wordpress version. We asked the developer about the prospect of a security release, and received this reply: It’s almost 2 years that we...
ccNewsletter 2.1.9 and previous, SQL injection
ccNewsletter by Chill Creations, version 2.1.9 and previous, SQL injection resolution: update to 2.2.0 update notice: https://www.chillcreations.com/downloads/ccnewsletter regrettably, the developer seems to have forgotten to notify the VEL...
AYS Quiz,1.0,SQL Injection
AYS Quiz, 1.0,SQL Injection...
Kunena 5.0.8 and previous XSS
Kunena 5.0.8 and previous, cross-site scripting XSS Resolution: update to 5.0.9 Update notice: https://www.kunena.org/blog/185-kunena-5-0-9-released...
JMultipleHotelReservation, 6.0.3, SQL Injection
JMultipleHotelReservation by CMS Junkie, 6.0.3, SQL Injection Resolution: Update to 6.0.4 Update notice: http://www.cmsjunkie.com/blog/joomla-hotel-reservation-6-0-4-release/...
Most Wanted Real Estate,1.1.0,SQL Injection
Most Wanted Real Estate, 1.1.0, SQL Injection...
Joomla Spider FAQ by Web-Dorado pre 1.3
Joomla Spider FAQ by Web-Dorado pre 1.3 ,SQLi Update to 1.3...
Event Registration Pro,3.2.12 - 3.2.10,SQL Injection
Event Registration Pro,3.2.12 - 3.2.10,SQL Injection resolution: update to 3.2.13 update notice: https://www.joomlashowroom.com/blog/event-registration-pro-3-2-13-released-security-release...