743 matches found
flashChart Content Plugin,
flashChart Content Plugin, 1.2.1, XSS Cross Site Scripting Extension Update Details updatet/fixed XSS vulnerability in open-flashchart-swf for external call "get-data" UpdateNoticeURL http://www.jschmidt-systemberatung.de/index.php?lang=en=227...
[20120601] - Core - Privilege Escalation
Inadequate checking leads to possible user privilege escalation...
[20120103] - Core - Information Disclosure
Inadequate filtering leads to information disclosure...
[20260520] - Framework - Inadequate content filtering within the cleanAttributes filter code
Lack of input filtering leads to an XSS vector in the HTML filter code...
[20260512] - Core - MFA Authentication Bypass
Incorrectly resetted session states to a vector that allows to bypass 2FA checks...
rsfiles!
Extension: RSFiles! Version: Old 1.17.7 / New 1.17.8 Update details: Versions affected 1.16.3 through 1.17.7. Allows unauthenticated remote attackers to deny access to service via search component. Fixed in 1.17.8 Update URL:...
LazyDbBackup, 3.9.0, Other
LazyDbBackup Version: 4.0.8...
Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure
Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure Update via developers website...
Jimtawl 2.2.7 - 'id' SQL Injection
Jimtawl 2.2.7 - 'id' SQL Injection Developer statement update to 2.2.8 http://janguo.de/lang-de/joomla-25-higher/joomla-25-jimtawl-2-1.html...
kunena,5.1.4,Other
kunena,5.1.4,Other statement post: https://www.kunena.org/blog/198-kunena-5-1-5-released...
Google Maps by Reumer, 3.5, Malicious update
Google Maps by Reumer, from mapsplugin.com, version 3.5, malicious update Version 3.3 of this plugin is listed in the JED and appears to be clean. However once installed, the Joomla update manager prompts you to update this extension to a version 3.5 which is not officially published. This versio...
Price Alert for Virtuemart,3.0.4,SQL Injection
Price Alert for Virtuemart by WebOrange, 3.0.4 and all previous, SQL Injection...
Keen IT Photo Contest, 1.0.2, SQL Injection
Keen IT Photo Contest, 1.0.2, SQL Injection...
Akeeba Backup, 5.5.1, various issues
Akeeba Backup, versions 5.5.1 and previous, various issues see developer's site for details Resolution: update to 5.5.2 Update notice: https://www.akeebabackup.com/component/ars/?view=Itemsid=2732...
Event Registration Pro,4.1.3,SQL Injection
Event Registration Pro, 4.1.3 and previous, SQL Injection Resolution: update to version 4.1.4 Update notice: https://www.joomlashowroom.com/blog/event-registration-pro-4-1-4-security-release...
JoomRecipe,1.0.3,SQL Injection
JoomRecipe ,1.0.3,SQL Injection UpdateNotice URL https://www.joomboost.com/blog-updates/entry/joomrecipe-version-1-0-4-security-announcement.html changelog Changelog Url https://www.joomboost.com/components-changelogs/60-joomrecipe-changelog.html...
J-CruiseReservation,3.0,SQL Injection
J-CruiseReservation by CMS Junkie, 3.0, SQL Injection...
Vehicle Manager,3.9.4,SQL Injection
Vehicle Manager by Ordasoft,3.9.4, SQL Injection Resolution: update to 3.9.5 Update Notice URL http://ordasoft.com/News/News/vehicle-manager-security-update.html...
MediaLibrary,3.5.4, SQL Injection
MediaLibrary by Ordasoft, 3.5.4, SQL Injection Resolution: update to 3.5.5 Update notice: http://ordasoft.com/News/News/media-library-security-update.html...
gmapfp,3.39f,XSS (Cross Site Scripting)
gmapfp,3.39f and previos,XSS Cross Site Scripting Info disclosure, arbitrary fileupload resolution: update to J3.41F update notice:http://gmapfp.org/en/news-of-gmapfp/39-strengthening-of-the-security-component...
Memberhsip Pro, versions before 2.1.1
Joomdonation extensions, Information Disclosure Memberhsip Pro versions before 2.1.1 Resolution: update to 2.1.1 Update notice URL: http://joomdonation.com/forum/membership-pro/50512-membership-pro-version-2-1-1-released.html...
Joom Donation, versions before 4.1, Information Disclosure
Joomdonation extensions, Information Disclosure Joom Donation versions before 4.1 Resolution: update to 4.1 Update notice URL: http://joomdonation.com/forum/joom-donation/50513-joom-donation-version-4-1-released.html...
Spider Form Maker by Web-Dorado [com_formmaker],3.4 and lower
Spider Form Maker by Web-Dorado comformmaker,3.4 and lower,SQL Injection Developer statement This vulnerability was fixed in version 3.4.1 and above. The version 3.4.1 was released on 2014-09-10...
My Blog, 2.0.1 Build 286,
My Blog, 2.0.1 Build 286, SQL Injection...
Master Password,
Master Password, 1.5 and any previous, Information Disclosure This extension appears to have been abandoned by the developer...
[20111103] - Core - Password Change
Weak random number generation during password reset leads to possibility of changing a user's password...
[20110701] - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability...
[20081101] - Core - com_content XSS vulnerability
The defaults on comcontent article submission allow entry of dangerous HTML tags script, etc. This only affects users with access level Author or higher, and only if you have not set filtering options in comcontent configuration...
[20260516] - Core - Incorrect Access Control in com_scheduler
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...
[20260519] - Framework - Inadequate content filtering within the checkAttribute filter code
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
[20260513] - Core - Privilege escalation through com_users batch task
An improper access check allows privlege escalation through the comusers batch task...
[20260511] - Core - MFA Authentication Bypass
Insufficient state checks lead to a vector that allows to bypass 2FA checks...
[20260303] - Core - XSS vector in com_associations comparison view
Lack of output escaping leads to a XSS vector in the multilingual associations component...
[20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins
Lack of output escaping leads to a XSS vector in the pagebreak and pagenavigation plugins...
JS Jobs extension (v1.4.2)
JS Jobs extension v1.4.2 sqli...
[20250101] - Core - XSS vectors in module chromes
Various module chromes didn't properly process inputs, leading to XSS vectors...
kunena, 5.0.x - 5.1.14 ,XSS (Cross Site Scripting)
kunena, 5.0.x - 5.1.14 ,XSS Cross Site Scripting Developer statement https://www.kunena.org/blog/207-kunena-5-1-14-released...
Next Gen Editor,2.1.0,SQL Injection
Next Gen Editor, 2.1.0, SQL Injection and multiple other vulnerabilities resolution: update to version 2.2.0 update notice: http://nextgeneditor.com/index.php/en/support/forum/installation-issues/3957-new-security-release...
Vik Rent Car 1.10 and previous
Vik Rent Car 1.10 and previous, SQL injection Resolution: update to 1.11 Update notice: https://extensionsforjoomla.com/blog/12-updates/46-security-notices-sql-injection-reports...
J-Hotel Portal,6.0.2,SQL Injection
J-Hotel Portal by cmsjunkie.com, 6.0.2, SQL Injection...
Magic Deals Web by Jason Web Design,1.2.0,SQL Injection
Magic Deals Web by Jason Web Design, 1.2.0, SQL Injection...
RSMonials,2.2 and previous,XSS (Cross Site Scripting)
RSMonials, 2.2 and previous versions, XSS Cross Site Scripting also insecure file upload...
Eshop, versions before 1.4.4
Joomdonation extensions, Information Disclosure Eshop versions before 1.4.4 Resolution: update to 1.4.4 Update notice URL: http://joomdonation.com/forum/released-versions/50510-eshop-1-4-4-was-released-at-december-25-2015.html73480...
cckseblod 1.x Directory Traversal
comcckseblod aka seblod 1.x for Joomla 1.5 1.9.0 and all previous versions Directory Traversal Resolution: update to 1.9.1 Update notice: http://www.seblod.com/changelogs?sebchangelogproduct=cck1x Developer states that Seblod 3.x, the version compatible with Joomla 2.5 and 3, is not vulnerable...
Codels codehighlighter 1.4
Codels plgcontentcodehighlighter version 1.4 and previous. XSS Cross Site Scripting...
Jinc, all versions,
Jinc, all versions, XSS Cross Site Scripting UpdateNotice URL http://lhacky.altervista.org/jextensions/index.php/component/content/article/21-news/jinc/100-security-issue-on-jinc-1-0-1...
civic crm 422
upload exploit /RFI 260413 developer http://civicrm.org/category/civicrm-blog-categories/civicrm-v43 release 4.3.1 Authors:...
MT Fire Eagle
LFI http://joomlacode.org/gf/project/jfireeagle/frs/http://www.moto-treks.com 190410 product considered retired and to be replaced by dev Authors:...
EasyDiscuss by Stackideas,, , SQL Injection
EasyDiscuss by Stackideas,, , SQL Injection...
Phoca commander
Name: Phoca Company: - Email: [email protected] Extension: Phoca Commander Version: Old 4.0.0, 5.0.1 / New 4.0.2, 5.0.3 Update details: No access for unzip feature as default Update URL: https://github.com/PhocaCz/PhocaCommander/releases/tag/5.0.2 Changelog URL: Download URL:...