747 matches found
ZH Yandex Map, 6.1.1.0, SQL Injection
ZH Yandex Map, 6.1.1.0 and previous versions, SQL Injection Resolution: update to 6.2.0.0 Update notice: http://zhuk.cc/2017/10/05/zh-yandexmap-security-update/...
Keen IT Photo Contest, 1.0.2, SQL Injection
Keen IT Photo Contest, 1.0.2, SQL Injection...
Checklist by Joomplace,1.1.0,SQL Injection
Checklist by Joomplace, 1.1.0, SQL Injection Resolution: update to 1.1.1 Update notice: https://www.joomplace.com/blog/checklist-security-update.html...
Simgenealogy,2.1.7,SQL Injection
Simgenealogy by Simbunch.com, 2.1.7 and previous, SQL Injection resolution: update to 2.1.8 update notice: https://www.simbunch.com/blog/183-simgenealogy-critical-security-update-2-1-8...
Akeeba Backup, 5.5.1, various issues
Akeeba Backup, versions 5.5.1 and previous, various issues see developer's site for details Resolution: update to 5.5.2 Update notice: https://www.akeebabackup.com/component/ars/?view=Itemsid=2732...
LMS King Lite, SQL Injection
LMS King Lite and LMS King Professional by king-products.net, versions up to 3.2.3.19 lite and 3.2.3.47 pro, SQL Injection resolution: update to version 3.2.3.20 lite and 3.2.3.48 pro update notice url: https://www.king-products.net/lms-king.html...
Appointment, v1.1 ,SQL Injection
Appointment by Harmis Technology joomlaextensions.co.in, v1.1, SQL Injection...
JoomRecipe,1.0.3,SQL Injection
JoomRecipe ,1.0.3,SQL Injection UpdateNotice URL https://www.joomboost.com/blog-updates/entry/joomrecipe-version-1-0-4-security-announcement.html changelog Changelog Url https://www.joomboost.com/components-changelogs/60-joomrecipe-changelog.html...
guesser, 1.0.4
guesser by bitsgeo.com, 1.0.4, SQL Injection...
[20161204] - Misc. Security Hardening
Joomla! 3.6.5 includes additional security hardening mechanisms prepared by the JSST, thanks in part to issue reports from Fotis Evangelou and Nicholas Dionysopoulos, which restricts a user's ability to make potentially damaging configuration changes. This includes restricting the ability to set...
Huge IT Catalog,1.0.6,SQL Injection
Huge IT Catalog,1.0.6 and previous versions ,SQL Injection and XSS vulnerability Resolution: update to 1.0.8 Update notice: https://huge-it.com/joomla-extensions-security-notice/...
gmapfp,3.39f,XSS (Cross Site Scripting)
gmapfp,3.39f and previos,XSS Cross Site Scripting Info disclosure, arbitrary fileupload resolution: update to J3.41F update notice:http://gmapfp.org/en/news-of-gmapfp/39-strengthening-of-the-security-component...
Spider random articles before 1.5.3
Spider random articles versions before 1.5.3 Resolution: update to 1.5.3 Update notice: https://web-dorado.com/products/joomla-random.html...
Form Maker before 3.6.0
Web Dorado Form Maker versions before 3.6.0 XSS Resolution: update to 3.6.0 Update notice: https://web-dorado.com/products/joomla-form.html...
HDFLVPlayer 2.2 + previous
Joomla HDFLVPlayer plugin versions 2.2 and previous SQL Injection Version 2.3 Fixed SQL injection in download.php file.https://www.apptha.com/category/extension/Joomla/HD-FLV-Player Version 2.2 Resolved cross domain issue in download.php & email.php files...
civic crm 422
upload exploit /RFI 260413 developer http://civicrm.org/category/civicrm-blog-categories/civicrm-v43 release 4.3.1 Authors:...
[20111103] - Core - Password Change
Weak random number generation during password reset leads to possibility of changing a user's password...
[20110701] - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability...
[20260519] - Framework - Inadequate content filtering within the checkAttribute filter code
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
[20260513] - Core - Privilege escalation through com_users batch task
An improper access check allows privlege escalation through the comusers batch task...
[20260512] - Core - MFA Authentication Bypass
Incorrectly resetted session states to a vector that allows to bypass 2FA checks...
JS Jobs extension (v1.4.2)
JS Jobs extension v1.4.2 sqli...
EDocman, 1.23.3, XSS (Cross Site Scripting)
developer update https://joomdonation.com/forum/edocman/75400-01st-august-2023-new-version-1-24-7-xss-issue-fixed.html...
kunena, 5.0.x - 5.1.14 ,XSS (Cross Site Scripting)
kunena, 5.0.x - 5.1.14 ,XSS Cross Site Scripting Developer statement https://www.kunena.org/blog/207-kunena-5-1-14-released...
Jevents 3.4.49 Various
Jevents 3.4.49 Various UpdateNotice URL https://www.jevents.net/blog/jevents-3-4-50-released-all-users-should-upgrade...
Next Gen Editor,2.1.0,SQL Injection
Next Gen Editor, 2.1.0, SQL Injection and multiple other vulnerabilities resolution: update to version 2.2.0 update notice: http://nextgeneditor.com/index.php/en/support/forum/installation-issues/3957-new-security-release...
Price Alert for Virtuemart,3.0.4,SQL Injection
Price Alert for Virtuemart by WebOrange, 3.0.4 and all previous, SQL Injection...
Event Registration Pro,4.1.3,SQL Injection
Event Registration Pro, 4.1.3 and previous, SQL Injection Resolution: update to version 4.1.4 Update notice: https://www.joomlashowroom.com/blog/event-registration-pro-4-1-4-security-release...
J-CruiseReservation,3.0,SQL Injection
J-CruiseReservation by CMS Junkie, 3.0, SQL Injection...
Vehicle Manager,3.9.4,SQL Injection
Vehicle Manager by Ordasoft,3.9.4, SQL Injection Resolution: update to 3.9.5 Update Notice URL http://ordasoft.com/News/News/vehicle-manager-security-update.html...
MediaLibrary,3.5.4, SQL Injection
MediaLibrary by Ordasoft, 3.5.4, SQL Injection Resolution: update to 3.5.5 Update notice: http://ordasoft.com/News/News/media-library-security-update.html...
Eshop, versions before 1.4.4
Joomdonation extensions, Information Disclosure Eshop versions before 1.4.4 Resolution: update to 1.4.4 Update notice URL: http://joomdonation.com/forum/released-versions/50510-eshop-1-4-4-was-released-at-december-25-2015.html73480...
Memberhsip Pro, versions before 2.1.1
Joomdonation extensions, Information Disclosure Memberhsip Pro versions before 2.1.1 Resolution: update to 2.1.1 Update notice URL: http://joomdonation.com/forum/membership-pro/50512-membership-pro-version-2-1-1-released.html...
Joom Donation, versions before 4.1, Information Disclosure
Joomdonation extensions, Information Disclosure Joom Donation versions before 4.1 Resolution: update to 4.1 Update notice URL: http://joomdonation.com/forum/joom-donation/50513-joom-donation-version-4-1-released.html...
Spider Form Maker by Web-Dorado [com_formmaker],3.4 and lower
Spider Form Maker by Web-Dorado comformmaker,3.4 and lower,SQL Injection Developer statement This vulnerability was fixed in version 3.4.1 and above. The version 3.4.1 was released on 2014-09-10...
Codels codehighlighter 1.4
Codels plgcontentcodehighlighter version 1.4 and previous. XSS Cross Site Scripting...
My Blog, 2.0.1 Build 286,
My Blog, 2.0.1 Build 286, SQL Injection...
Master Password,
Master Password, 1.5 and any previous, Information Disclosure This extension appears to have been abandoned by the developer...
[20081101] - Core - com_content XSS vulnerability
The defaults on comcontent article submission allow entry of dangerous HTML tags script, etc. This only affects users with access level Author or higher, and only if you have not set filtering options in comcontent configuration...
[20260511] - Core - MFA Authentication Bypass
Insufficient state checks lead to a vector that allows to bypass 2FA checks...
[20260303] - Core - XSS vector in com_associations comparison view
Lack of output escaping leads to a XSS vector in the multilingual associations component...
EasyDiscuss by Stackideas,, , SQL Injection
EasyDiscuss by Stackideas,, , SQL Injection...
Phoca commander
Name: Phoca Company: - Email: [email protected] Extension: Phoca Commander Version: Old 4.0.0, 5.0.1 / New 4.0.2, 5.0.3 Update details: No access for unzip feature as default Update URL: https://github.com/PhocaCz/PhocaCommander/releases/tag/5.0.2 Changelog URL: Download URL:...
[20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins
Lack of output escaping leads to a XSS vector in the pagebreak and pagenavigation plugins...
[20250101] - Core - XSS vectors in module chromes
Various module chromes didn't properly process inputs, leading to XSS vectors...
Community Builder, 2.4.2
Community Builder, 2.4.1 and previous, resolution: update to 2.4.2 update notice: https://www.joomlapolis.com/news/18843-community-builder-2-4-2-security-maintenance-and-features-release...
Vik Rent Car 1.10 and previous
Vik Rent Car 1.10 and previous, SQL injection Resolution: update to 1.11 Update notice: https://extensionsforjoomla.com/blog/12-updates/46-security-notices-sql-injection-reports...
J-Hotel Portal,6.0.2,SQL Injection
J-Hotel Portal by cmsjunkie.com, 6.0.2, SQL Injection...
Magic Deals Web by Jason Web Design,1.2.0,SQL Injection
Magic Deals Web by Jason Web Design, 1.2.0, SQL Injection...
RSMonials,2.2 and previous,XSS (Cross Site Scripting)
RSMonials, 2.2 and previous versions, XSS Cross Site Scripting also insecure file upload...