725 matches found
XCloner Backup and Restore [com_cloner], 3.5.2
XCloner Backup and Restore comcloner, 3.5.2, probably previous, multiple vulnerabilities...
"EQ Event Calendar" [com_eqfullevent] , 1.0.0 and below
"EQ Event Calendar" by byeqima.com - version: 1.0.0 and lower SQL injection vulnerability...
eXtplorer 2.1.6 released
http://extplorer.net/news/15 Please update to this new eXtplorer version as it fixes an XSS security issue. Also the UTF-8 fix is recommended for users with non-ASCII filenames...
JEvents pre 3.1.37
Version 3.1.37 eliminates a low risk theoretical XSS exploit and SQL injection exploit. UpdateNoticeURL https://www.jevents.net/jevnews/234-jevents-32 ttweetfsubscribe...
HDFLVPlayer 2.2 and previous
HDFLVPlayer versions 2.2 and all previous Email exploit Version 2.3 Fixed SQL injection in download.php file.https://www.apptha.com/category/extension/Joomla/HD-FLV-Player Version 2.2 Resolved cross domain issue in download.php & email.php files...
event registration pro
event registration pro, , SQL Injection UpdateNoticeURL: http://www.joomlashowroom.com/blog/security-and-bug-release-for-all-versions-of-event-registration-pro affects versions prior to 3.0.1 Joomla 3 prior to 2.5.6 Joomla 2.5 prior to 1.5.22 Joomla 1.5...
sectionex, 2.5.96
sectionex, , SQL Injection Extension Update Details Version 2.5.104 Update Notice URL http://stackideas.com/blog/important-security-release-for-sectionex-2-5...
k2, 2.6.6, Open Folder Permissions
k2, Open folder permissions developer notice http:/getk2.org/blog/1432-k2-v267-released-akismet-integrated-new-acl-option-improved-php-54-support...
Phoca Gallery 3x
Phoca Gallery, 3x, SQL Injection...
[20090102] - Core - plg_xstandard Directory Traversal
A crafted request can cause disclosure of the directory structure on the server including any directory that php has access to...
Novarain/Tassos Framework, , SQL Injection
allow SQL injection and unauthenticated file reads. Attackers can chain these issues for administrator takeover and remote code execution on unpatched systems. Affected extensions include Convert Forms, EngageBox, Google Structured Data, Advanced Custom Fields, and Smile Pack, all relying on the...
[20250901] - Core - Inadequate content filtering within the checkAttribute filter code
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
osTicky2, , Other
This extension is abandoned and should be removed from your site...
JC Dashboards, 1.3.10, Other
JCDashboards updated latest version V1.3.31 as this includes a fix for a possible security leak should your linux server not be configured correctly in certain circumstances. changelog | Download url ---|--- https://joomcode.com/jcmedia/comjcdashboards/versionhistory.html |...
Virtual Classroom, , SQL Injection
Developer release blog https://blog.braincert.com/virtual-classroom-security-release-elevate-your-online-learning-on-wordpress-and-joomla/...
JKassa, 2.0.0, SQL Injection
JKassa, 2.0.0, SQL Injection Update to latest version https://jkassa.com/en/extensions/jkassa.html...
GMapFP 3.30,Other
GMapFP 3.30,3.30,Other Related in https://vel.joomla.org/resolved/1835-gmapfp-3-39f-xss-cross-site-scripting new version number 3.55...
JoomProject 1.1.3.2 ID
new version number 1.1.3.3 https://www.joomboost.com/blog-updates/joomproject-version-1-1-3-3-security-announcement.html...
JEXTN Question And Answer ,3.1.0,SQL Injection
JEXTN Question And Answer ,3.1.0,SQL Injection...
Virtuemart,3.2.4,XSS (Cross Site Scripting)
Virtuemart,3.2.4,XSS Cross Site Scripting Resolution: update to 3.2.6 update notice: http://virtuemart.net/news/482-virtuemart-3-2-6-security-release-and-overhauled-infrastructure...
ZH Yandex Map, 6.1.1.0, SQL Injection
ZH Yandex Map, 6.1.1.0 and previous versions, SQL Injection Resolution: update to 6.2.0.0 Update notice: http://zhuk.cc/2017/10/05/zh-yandexmap-security-update/...
Bargain Product VM3, 1.0, SQL Injection
Bargain Product VM3 by WebOrange, 1.0, SQL Injection...
Checklist by Joomplace,1.1.0,SQL Injection
Checklist by Joomplace, 1.1.0, SQL Injection Resolution: update to 1.1.1 Update notice: https://www.joomplace.com/blog/checklist-security-update.html...
Simgenealogy,2.1.7,SQL Injection
Simgenealogy by Simbunch.com, 2.1.7 and previous, SQL Injection resolution: update to 2.1.8 update notice: https://www.simbunch.com/blog/183-simgenealogy-critical-security-update-2-1-8...
LMS King Lite, SQL Injection
LMS King Lite and LMS King Professional by king-products.net, versions up to 3.2.3.19 lite and 3.2.3.47 pro, SQL Injection resolution: update to version 3.2.3.20 lite and 3.2.3.48 pro update notice url: https://www.king-products.net/lms-king.html...
Appointment, v1.1 ,SQL Injection
Appointment by Harmis Technology joomlaextensions.co.in, v1.1, SQL Injection...
OS Property,3.0.9,SQL Injection
OS Property,3.0.9,SQL Injection Resolution: update to 3.10.0 Update notice: https://www.joomdonation.com/forum/os-property/56774-os-property-3-0-9-security-announcement.html...
OS Services Booking,2.5.1,SQL Injection
OS Services Booking by Ossolution, 2.5.1, SQL Injection Resolution: update to 2.5.2 Update notice: https://www.joomdonation.com/forum/os-services-booking/55627-os-services-booking-2-5-2-security-announcement.html...
Real Estate Manager,3.9.7,SQL Injection
Real Estate Manager by Ordasoft, 3.9.7, SQL Injection Resolution: update to 3.9.8 Update notice: http://ordasoft.com/News/News/real-estate-manager-security-update.html...
recipe manager, 2.2
recipe manager by joomla6teen.com, 2.2, SQL Injection...
guesser, 1.0.4
guesser by bitsgeo.com, 1.0.4, SQL Injection...
JomWall, 4.1.1,SQL Injection
JomWall version 4.1.1 and previous, SQL Injection resolution: update to 4.1.2 update notice: https://dashbite.com/news/jomwall-security-fix-new-version-4-1-2...
Easy Youtube Gallery , 1.0.2,Information Disclosure
Easy Youtube Gallery , 1.0.2,Information Disclosure...
[20161204] - Misc. Security Hardening
Joomla! 3.6.5 includes additional security hardening mechanisms prepared by the JSST, thanks in part to issue reports from Fotis Evangelou and Nicholas Dionysopoulos, which restricts a user's ability to make potentially damaging configuration changes. This includes restricting the ability to set...
Huge IT Catalog,1.0.6,SQL Injection
Huge IT Catalog,1.0.6 and previous versions ,SQL Injection and XSS vulnerability Resolution: update to 1.0.8 Update notice: https://huge-it.com/joomla-extensions-security-notice/...
Form Maker before 3.6.0
Web Dorado Form Maker versions before 3.6.0 XSS Resolution: update to 3.6.0 Update notice: https://web-dorado.com/products/joomla-form.html...
Spider random articles before 1.5.3
Spider random articles versions before 1.5.3 Resolution: update to 1.5.3 Update notice: https://web-dorado.com/products/joomla-random.html...
HDFLVPlayer 2.2 + previous
Joomla HDFLVPlayer plugin versions 2.2 and previous SQL Injection Version 2.3 Fixed SQL injection in download.php file.https://www.apptha.com/category/extension/Joomla/HD-FLV-Player Version 2.2 Resolved cross domain issue in download.php & email.php files...
Joomla Mac Gallery 1.5 and below
Joomla Mac Gallery 1.5 and below RFI...
AceSEF , 4.1.2 and below
AceSEF , 4.1.2, SQL Injection...
plg_codehighlight, 1.0.1 , xss
union-d codehighlight, 1.0.1 , XSS Cross Site Scripting...
[20131103] Core XSS Vulnerability
Inadequate filtering leads to XSS vulnerability in comcontact...
[20131101] Core XSS Vulnerability
Inadequate filtering leads to XSS vulnerability in comcontact...
[20131102] Core XSS Vulnerability
Inadequate filtering leads to XSS vulnerability in comcontact, comweblinks, comnewsfeeds...
Ace SEF4
With the AceSEF 4.0.0, XSS Vulnerability is solved http://www.joomace.net/joomla-extensions/acesef/changelog UpdateNoticeURL http://www.joomace.net/joomla-extensions/acesef-joomla-seo-sef-urls...
flashChart Content Plugin,
flashChart Content Plugin, 1.2.1, XSS Cross Site Scripting Extension Update Details updatet/fixed XSS vulnerability in open-flashchart-swf for external call "get-data" UpdateNoticeURL http://www.jschmidt-systemberatung.de/index.php?lang=en=227...
[20120302] - Core - XSS Vulnerability
Inadequate filtering leads to XSS vulnerability...
[20120104] - Core - XSS Vulnerability
Inadequate filtering leads to XSS vulnerability...
[20120202] - Core - Information Disclosure
On some servers the error log could be read by unauthorised users...
[20260512] - Core - MFA Authentication Bypass
Incorrectly resetted session states to a vector that allows to bypass 2FA checks...