747 matches found
k2, 2.6.6, Open Folder Permissions
k2, Open folder permissions developer notice http:/getk2.org/blog/1432-k2-v267-released-akismet-integrated-new-acl-option-improved-php-54-support...
Jinc, ALL,
Jinc ALL - Exploit Type Arbitrary File Creation Vulnerability JINC until version 1.0.1 is affected by a vulnerability providing attackers the ability to update arbitrary files in Joomla! installation. This problem is solved in JINC 1.0.2...
[20120302] - Core - XSS Vulnerability
Inadequate filtering leads to XSS vulnerability...
[20120104] - Core - XSS Vulnerability
Inadequate filtering leads to XSS vulnerability...
[20120202] - Core - Information Disclosure
On some servers the error log could be read by unauthorised users...
[20090102] - Core - plg_xstandard Directory Traversal
A crafted request can cause disclosure of the directory structure on the server including any directory that php has access to...
[20260306] - Core - Improper access check in webservice endpoints
An improper access check allows unauthorized access to webservice endpoints...
Novarain/Tassos Framework, , SQL Injection
allow SQL injection and unauthenticated file reads. Attackers can chain these issues for administrator takeover and remote code execution on unpatched systems. Affected extensions include Convert Forms, EngageBox, Google Structured Data, Advanced Custom Fields, and Smile Pack, all relying on the...
[20250103] - Core - Read ACL violation in multiple core views
Improper Access Controls allows access to protected views...
osTicky2, , Other
This extension is abandoned and should be removed from your site...
Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure
Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure Update via developers website...
Virtuemart,3.2.4,XSS (Cross Site Scripting)
Virtuemart,3.2.4,XSS Cross Site Scripting Resolution: update to 3.2.6 update notice: http://virtuemart.net/news/482-virtuemart-3-2-6-security-release-and-overhauled-infrastructure...
Bargain Product VM3, 1.0, SQL Injection
Bargain Product VM3 by WebOrange, 1.0, SQL Injection...
Realtyna RPL, All versions, SQL Injection and Abandonware
Realtyna RPL, All versions, SQL Injection and abandonware The developer no longer supports Joomla! The site is still online, but there are redirects to the Wordpress version. We asked the developer about the prospect of a security release, and received this reply: It’s almost 2 years that we...
AYS Quiz,1.0,SQL Injection
AYS Quiz, 1.0,SQL Injection...
JMultipleHotelReservation, 6.0.3, SQL Injection
JMultipleHotelReservation by CMS Junkie, 6.0.3, SQL Injection Resolution: Update to 6.0.4 Update notice: http://www.cmsjunkie.com/blog/joomla-hotel-reservation-6-0-4-release/...
OS Services Booking,2.5.1,SQL Injection
OS Services Booking by Ossolution, 2.5.1, SQL Injection Resolution: update to 2.5.2 Update notice: https://www.joomdonation.com/forum/os-services-booking/55627-os-services-booking-2-5-2-security-announcement.html...
Real Estate Manager,3.9.7,SQL Injection
Real Estate Manager by Ordasoft, 3.9.7, SQL Injection Resolution: update to 3.9.8 Update notice: http://ordasoft.com/News/News/real-estate-manager-security-update.html...
recipe manager, 2.2
recipe manager by joomla6teen.com, 2.2, SQL Injection...
Joomla Spider FAQ by Web-Dorado pre 1.3
Joomla Spider FAQ by Web-Dorado pre 1.3 ,SQLi Update to 1.3...
Easy Youtube Gallery , 1.0.2,Information Disclosure
Easy Youtube Gallery , 1.0.2,Information Disclosure...
Event Registration Pro,3.2.12 - 3.2.10,SQL Injection
Event Registration Pro,3.2.12 - 3.2.10,SQL Injection resolution: update to 3.2.13 update notice: https://www.joomlashowroom.com/blog/event-registration-pro-3-2-13-released-security-release...
aceftp,unknown version,Other
aceftp abandonware,unknown, Download Permssion Extension not currently under development, probably all versions affected...
Universal AJAX Live Search, 5.4.0, Other
Universal AJAX Live Search 5.4.0, Other. Inadequate permissions Developer states: Extension Update Details Folders permissions vulnerability fixed. Resolution: update to versio 5.4.2 UpdateNoticeURL http://universalajaxlivesearch.demo.offlajn.com/index.php/simple-theme/security-update...
RD Download, 0.9.0 and below
RD Downloads comrddownload, 0.9.0 and previous Warning: Author abandoned this component, no further support expected Update notice: https://github.com/rdeutz/rddownload...
JEvents pre 3.1.37
Version 3.1.37 eliminates a low risk theoretical XSS exploit and SQL injection exploit. UpdateNoticeURL https://www.jevents.net/jevnews/234-jevents-32 ttweetfsubscribe...
HDFLVPlayer 2.2 and previous
HDFLVPlayer versions 2.2 and all previous Email exploit Version 2.3 Fixed SQL injection in download.php file.https://www.apptha.com/category/extension/Joomla/HD-FLV-Player Version 2.2 Resolved cross domain issue in download.php & email.php files...
Joomla Mac Gallery 1.5 and below
Joomla Mac Gallery 1.5 and below RFI...
AceSEF , 4.1.2 and below
AceSEF , 4.1.2, SQL Injection...
plg_codehighlight, 1.0.1 , xss
union-d codehighlight, 1.0.1 , XSS Cross Site Scripting...
[20131102] Core XSS Vulnerability
Inadequate filtering leads to XSS vulnerability in comcontact, comweblinks, comnewsfeeds...
Ace SEF4
With the AceSEF 4.0.0, XSS Vulnerability is solved http://www.joomace.net/joomla-extensions/acesef/changelog UpdateNoticeURL http://www.joomace.net/joomla-extensions/acesef-joomla-seo-sef-urls...
sectionex, 2.5.96
sectionex, , SQL Injection Extension Update Details Version 2.5.104 Update Notice URL http://stackideas.com/blog/important-security-release-for-sectionex-2-5...
flashChart Content Plugin,
flashChart Content Plugin, 1.2.1, XSS Cross Site Scripting Extension Update Details updatet/fixed XSS vulnerability in open-flashchart-swf for external call "get-data" UpdateNoticeURL http://www.jschmidt-systemberatung.de/index.php?lang=en=227...
Phoca Gallery 3x
Phoca Gallery, 3x, SQL Injection...
[20120601] - Core - Privilege Escalation
Inadequate checking leads to possible user privilege escalation...
[20120103] - Core - Information Disclosure
Inadequate filtering leads to information disclosure...
[20260520] - Framework - Inadequate content filtering within the cleanAttributes filter code
Lack of input filtering leads to an XSS vector in the HTML filter code...
[20250901] - Core - Inadequate content filtering within the checkAttribute filter code
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
rsfiles!
Extension: RSFiles! Version: Old 1.17.7 / New 1.17.8 Update details: Versions affected 1.16.3 through 1.17.7. Allows unauthenticated remote attackers to deny access to service via search component. Fixed in 1.17.8 Update URL:...
LazyDbBackup, 3.9.0, Other
LazyDbBackup Version: 4.0.8...
JoomProject 1.1.3.2 ID
new version number 1.1.3.3 https://www.joomboost.com/blog-updates/joomproject-version-1-1-3-3-security-announcement.html...
Jimtawl 2.2.7 - 'id' SQL Injection
Jimtawl 2.2.7 - 'id' SQL Injection Developer statement update to 2.2.8 http://janguo.de/lang-de/joomla-25-higher/joomla-25-jimtawl-2-1.html...
kunena,5.1.4,Other
kunena,5.1.4,Other statement post: https://www.kunena.org/blog/198-kunena-5-1-5-released...
JEXTN Question And Answer ,3.1.0,SQL Injection
JEXTN Question And Answer ,3.1.0,SQL Injection...
Google Maps by Reumer, 3.5, Malicious update
Google Maps by Reumer, from mapsplugin.com, version 3.5, malicious update Version 3.3 of this plugin is listed in the JED and appears to be clean. However once installed, the Joomla update manager prompts you to update this extension to a version 3.5 which is not officially published. This versio...
ZH Yandex Map, 6.1.1.0, SQL Injection
ZH Yandex Map, 6.1.1.0 and previous versions, SQL Injection Resolution: update to 6.2.0.0 Update notice: http://zhuk.cc/2017/10/05/zh-yandexmap-security-update/...
Keen IT Photo Contest, 1.0.2, SQL Injection
Keen IT Photo Contest, 1.0.2, SQL Injection...
Checklist by Joomplace,1.1.0,SQL Injection
Checklist by Joomplace, 1.1.0, SQL Injection Resolution: update to 1.1.1 Update notice: https://www.joomplace.com/blog/checklist-security-update.html...
Simgenealogy,2.1.7,SQL Injection
Simgenealogy by Simbunch.com, 2.1.7 and previous, SQL Injection resolution: update to 2.1.8 update notice: https://www.simbunch.com/blog/183-simgenealogy-critical-security-update-2-1-8...