747 matches found
easysocial, 2.0.18 and below
easysocial, 2.0.18 and below Extension Update Details https://stackideas.com/blog/security-update-for-easysocial-2019...
Alta User Points,1.1.7,SQL Injection
Alta User Points, 1.1.7, SQL Injection Resolution: update to 1.1.8 Update Notice URL https://www.nordmograph.com/extensions/index.php?option=comvirtuemart=productdetailsproductid=120categoryid=8=58...
Ajax search for K2, 2.2
Ajax search for K2 by taleia.software, 2.2, SQL Injection...
community quiz,4.4.1,SQL Injection
community quiz by corejoomla.com, 4.4.1, SQL Injection Resolution: update to 4.4.2 Update Notice: https://www.corejoomla.com/news/1164-community-quiz-v4-4-2-is-released.html...
Abstract manager, 2.1
Abstract manager by joomla6teen.com, 2.1, SQL Injection...
hwdVideoShare,N/A
hwdVideoShare,N/A,SQL Injection Dev Statement The hwdVideoShare comhwdvideoshare extension was retired 3 years ago, and we deleted it from the Joomla Extensions Directory. It was replaced by a completely new extension called HWDMediaShare...
Community Builder versions 2.1 and previous
Community Builder Versions 2.1.0 and previous contain versions of 3rd party libraries with known vulnerabilities: PHPMailer and Guzzle Release 2.1.1 updates to version 5.2.22 of PHP Mailer provides custom fix for Guzzle library Developer states that this is precautionary only, and that these...
HDW Player, 3.2.1 and older
HDW Player, 3.2.1 and older including 3.1 and 3.0 Remote code execution Please see https://vel.joomla.org/vel-blog/2033-hdw-player-4-0-0-rce for further information...
Payment Form, versions before 4.2
Joomdonation extensions, Information Disclosure Payment Form versions before 4.2 Resolution: update to 4.2 Update notice URL: http://joomdonation.com/forum/payment-form/50514-payment-form-version-4-2-released.html...
Events Booking, versions before 2.1.1
Joomdonation extensions, Information Disclosure Events Booking versions before 2.1.1 Resolution: update to 2.1.1 Update notice URL: http://joomdonation.com/forum/events-booking-general-discussion/50511-events-booking-version-2-1-1-released.html...
Komento, 2.0.4 and previous, XSS (Cross Site Scripting)
Stackideas Komento, prior to 2.0.5, XSS Cross Site Scripting Resolved in version 2.0.5 Update notice: http://stackideas.com/changelog/komento?version=2.0.5...
Joomla GoogleSearch (CSE), 3.0.2 and below, any Joomla
Joomla GoogleSearch CSE, 3.0.2 and below, any Joomla, XSS Cross Site Scripting Resolution: update to version 3.0.4 Update Notice: http://www.kksou.com/php-gtk2/joomla-news/important-notice-googlesearch-cse-component.php...
Responsive Portfolio Wall [mod_repowa], 1.0 and below, XSS (Cross Site Scripting)
Responsive Portfolio Wall modrepowa, 1.0, XSS Cross Site Scripting Extension includes vulnerable version of JS library prettyPhoto Vulnerability fixed in version 1.1 Update notice: http://www.joomlabusiness.net/module/responsive-portfolio-wall...
Joombri Freelance, pre 1.6.5, SQLi
JoomBri freelance extension pre 1.6.5. suffers major sqli exploit. No contact from developer, Notified by Ruth Cheesley...
AllVideos version 4.6.1 and previous
AllVideos by Joomlaworks version 4.6.1 and previous XSS Cross Site Scripting Resolution: update to version 4.7.0 Update notice url: http://www.joomlaworks.net/forum/product-updates/41200-april-20th,-2015-allvideos-v4-7-0...
spider random articles 1.5.0 and previous
spider random articles, all versions prior to 1.5.1 SQL Injection Version 1.5.1 is a "Security Release" and those who use Random Article version under 1.5.1 should upgrade immediately to the latest version!...
corephp paGo, LFI 1.0.7 and below
Corephp paGo, , DT, LFI Developer update statement http://www.corephp.com/blog/corephp-announces-immediate-availability-pago-commerce-1-07-1/...
MijoShop, 2.4.x - 2.5.x,
MijoShop, 2.4.x - 2.5.x, SQL Injection Extension Update Details 2.5.2 UpdateNoticeURL http://miwisoft.com/blog/mijoshop-252-security-update-released...
K2 Content Extension, 2.6.8,
K2 Content Extension, 2.6.8, XSS Cross Site Scripting resolution update to version 2.6.9...
[20140304] - Core - Unauthorised Logins
Inadequate checking allowed unauthorised logins via GMail authentication...
ODude Dir - DT
ODude DIR - DT-777 developer statement ODude Dir 1.1 updated with fixed securities issues. http://www.odude.com/main/dir/dir-log.html...
ODude Profile
ODude Profile Directory Traversal vulnerability - 777 developer statement ODude Profile | 3.2 | http://www.odude.com/main/profile/profile-changelog.html ---|---|---...
JomSocial component pre 3.1.0.1
JomSocial component 3.1.0.1 RFI The new version number is 3.1.0.4 http://www.jomsocial.com/blog/hot-fix-3-1-0-4...
[20110901] - Core - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability in comsearch...
JC Dashboards, 1.3.10, Other
JCDashboards updated latest version V1.3.31 as this includes a fix for a possible security leak should your linux server not be configured correctly in certain circumstances. changelog | Download url ---|--- https://joomcode.com/jcmedia/comjcdashboards/versionhistory.html |...
Virtual Classroom, , SQL Injection
Developer release blog https://blog.braincert.com/virtual-classroom-security-release-elevate-your-online-learning-on-wordpress-and-joomla/...
JKassa, 2.0.0, SQL Injection
JKassa, 2.0.0, SQL Injection Update to latest version https://jkassa.com/en/extensions/jkassa.html...
GMapFP 3.30,Other
GMapFP 3.30,3.30,Other Related in https://vel.joomla.org/resolved/1835-gmapfp-3-39f-xss-cross-site-scripting new version number 3.55...
RSEvents! Pro (March 2019),Other
RSEvents! Pro March 2019,Other new version number 2.2.1 UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
Jomres,9.14.0 & lower,Other
Jomres,9.14.0 & lower Developer statement new version number 9.15.0 UpdateNotice URL https://www.jomres.net/blog/99-jomres-9-15-0-security-release-new-features Changelog Url https://www.jomres.net/support/changelog...
Jimtawl, 2.2.6, Arbitrary File Upload
Jimtawl from janguo.de, 2.2.6, arbitrary file upload Resolution: update to 2.2.7 Update notice: http://janguo.de/lang-de/joomla-25-higher/jimtawl.html...
JS Support Ticket 1.1.0, ,XSS (Cross Site Scripting)
JS Support Ticket 1.1.0, ,XSS Cross Site Scripting UpdateNotice URL 1.1.1 http://www.joomsky.com/products/js-ticket-joomla.html...
cms2cms improper file/folder permissions
All these extensions create a folder with permissions 0777, which is not subsequently deleted. CMS2CMS: Automated Blogger to J! Migration CMS2CMS: Automated HTML to J! Migration CMS2CMS: Automated Drupal to J! Migration CMS2CMS: Automated WordPress to J! Migration CMS2CMS Automated WiX to J!...
My Projects,2.0,SQL Injection
My Projects,2.0,SQL Injection Resolution: update to version 2.1 Update notice: http://www.gegabyte.org/downloads/joomla-extensions/joomla3/components/292-my-projects...
ccNewsletter 2.1.9 and previous, SQL injection
ccNewsletter by Chill Creations, version 2.1.9 and previous, SQL injection resolution: update to 2.2.0 update notice: https://www.chillcreations.com/downloads/ccnewsletter regrettably, the developer seems to have forgotten to notify the VEL...
Kunena 5.0.8 and previous XSS
Kunena 5.0.8 and previous, cross-site scripting XSS Resolution: update to 5.0.9 Update notice: https://www.kunena.org/blog/185-kunena-5-0-9-released...
Joomla Modern Booking,1.0,SQL Injection
Joomla Modern Booking,1.0,SQL Injection new version number 2.0.0 UpdateNotice URL https://www.unikalus.com/announcements.html...
Smart related articles ,1.1,SQL Injection and XSS
Smart related articles by Iacopo Guarneri, 1.1,SQL Injection and XSS...
Most Wanted Real Estate,1.1.0,SQL Injection
Most Wanted Real Estate, 1.1.0, SQL Injection...
Jtag Calendar 6.2.4
JTag Calendar versions 6.2.4 and previous Resolution: update to 6.2.5 Developer states: Fixed security issue in search functionality Update notice: https://joomlatag.com/premium-joomla-extensions/jtag-calendar-detail.html...
SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9
Stored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 possibly below resolution: update to version 2.8.10 update notice: https://securitycheck.protegetuordenador.com/index.php/downloads/securitycheck-j3x...
Music Collection, 2.4.6 and below, SQL Injection
Music Collection commuscol, 2.4.6 and below, SQL Injection Fixed in 2.4.10 Notice: http://www.joomlathat.com/news/music-collection/music-collection-2-4-9-released-security-release-2...
pPGallery [plg_content_ppgallery], 4.315, XSS (Cross Site Scripting)
pPGallery plgcontentppgallery, 4.315, XSS Cross Site Scripting...
XCloner Backup and Restore [com_cloner], 3.5.2
XCloner Backup and Restore comcloner, 3.5.2, probably previous, multiple vulnerabilities...
"EQ Event Calendar" [com_eqfullevent] , 1.0.0 and below
"EQ Event Calendar" by byeqima.com - version: 1.0.0 and lower SQL injection vulnerability...
eXtplorer 2.1.6 released
http://extplorer.net/news/15 Please update to this new eXtplorer version as it fixes an XSS security issue. Also the UTF-8 fix is recommended for users with non-ASCII filenames...
Visforms pre 2.1.2 and pre 3.1.2
Update so that information submitted with Visforms cannot be disclosed unintentionally. http://www.vi-solutions.de/en/announcements/366-security-updates-for-visforms-2-1-2-and-3-1-2-released...
[20131103] Core XSS Vulnerability
Inadequate filtering leads to XSS vulnerability in comcontact...
[20131101] Core XSS Vulnerability
Inadequate filtering leads to XSS vulnerability in comcontact...
event registration pro
event registration pro, , SQL Injection UpdateNoticeURL: http://www.joomlashowroom.com/blog/security-and-bug-release-for-all-versions-of-event-registration-pro affects versions prior to 3.0.1 Joomla 3 prior to 2.5.6 Joomla 2.5 prior to 1.5.22 Joomla 1.5...