747 matches found
Joomloc-CAT, version 4.1.3, SQL injection
Joomloc-CAT, version 4.1.3, SQL injection Resolution: update to 4.2.1 Update Notice URL http://www.joomloc.fr.nf/en/downloads-products/file/joomloc-pro-channel-manager-pms.html...
JMS Support Online module, 2.0.0, XSS (Cross Site Scripting)
JMS Support Online module,2.0.0,XSS Cross Site Scripting...
Huge IT Slider,1.0.9,SQL Injection
Huge IT Slider,1.0.9,SQL Injection Resolution: update to 1.1.0 update notice: https://huge-it.com/joomla-extensions-security-notice/...
nitroslider,1.0.0
nitroslider,1.0.0 open folder permissions update to 1.0.1 update notice: https://www.themechoice.com/joomla-extensions/nitro-layer-slider...
[20170701] - Core - Information Disclosure
Improper cache invalidation leads to disclosure of form contents...
Master User, versions before 2.1.4
Versions before 2.1.4 suffered from an issue with insecure default settings, the issue affects Joomla 3.4 sites only, but users are advised by the developer to update anyway. Resolution: Update to version 2.1.4 Update notice URL:...
Art Pretty Photo [artprettyphoto],1.9.21 and below,XSS (Cross Site Scripting)
Art Pretty Photo artprettyphoto, 1.9.21 and below, XSS Cross Site Scripting...
Kunena,3.0.7 and previous
Kunena,3.0.7 and previous,Other Resolution: update to 3.0.8 Update notice url: http://www.kunena.org/blog/143-kunena-3-0-8-released Note that the developer did not inform the VEL...
Face Gallery by Apptha [com_facegallery] version 1.0
Face Gallery by Apptha comfacegallery, version 1.0 exploit: Other...
youtube plugin - youtubejoomla ,1.1
youtube plugin - Stian Totland,1.1 ,Other , youtubejoomla...
JCE - Joomla Content Editor 2.4.5 and previous
Versions 2.4.5 and previous Update to Version 2.4.6 improves security in add-on installation system UpdateNoticeURL https://www.joomlacontenteditor.net/news/item/jce-246-released...
Akeeba CMS Update
Extension Update Details Akeeba CMS Update 1.0.2 Update Notice URL https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html...
[20120602] - Core - Information Disclosure
Inadequate filtering leads SQL error and information disclosure...
[20090604] - Core - Frontend XSS - HTTP_REFERER not properly filtered
An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTPREFERER variable is not properly parsed...
[20250902] - Core - User-Enumeration in passkey authentication method
Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method...
[20240704] - Core - XSS in Wrapper extensions
The wrapper extensions do not correctly validate inputs, leading to XSS vectors...
acymailing, pre 8.7.0 , Other
acymailing, pre 8.7.0 , Other multiple...
LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login , 5.0.2, Other
Other : 5.0.2 Exploit Check developer for new releases...
paGO Commerce, 2.5.9.0, SQL Injection
paGO Commerce, 2.5.9.0, SQL Injection...
CMS2CMS, Connector Extension, 2.00 permissions
CMS2CMS Connector Extension 2.00 Update of the permission type created for the catalog file 2.01...
PayPlans,4.0, ID
PayPlans,4.0, ID https://stackideas.com/blog/payplans-4013 Update to 4.0.13...
kunena,5.1.7,XSS (Cross Site Scripting)
kunena,5.1.7,XSS Cross Site Scripting https://www.kunena.org/blog/201-kunena-5-1-8-released...
kunena,5.1.6.1,XSS (Cross Site Scripting)
kunena,5.1.6.1,XSS Cross Site Scripting Developer statement: Update to 5.1.7 https://www.kunena.org/blog/200-kunena-5-1-7-released...
[20181003] - Core - Access level Violation in com_tags
Inadequate checks on the tags search fields can lead to an access level violation...
Simple Image Gallery (free) 3.5.0 and previous, XSS
Simple Image Gallery Freed by Joomlaworks, version 3.5.0 and previous, XSS Resolution: update to 3.6.0 Update notice: https://www.joomlaworks.net/blog/item/269-simple-image-gallery-free-v3-6-0-released-featuring-enhanced-print-previews-fixing-xss-vulnerability-related-to-print-page-output Note th...
B2j Contact,2.0 and other,Other
B2j Contact,2.0 and other,Other Resolved by upgrading to 2.1.15...
Street Guesser,1.1.8,SQL Injection
Street Guesser by Normograph, version 1.1.8, SQL Injection resolution: update to 1.1.13 update notice: https://www.nordmograph.com/extensions/index.php?option=comvirtuemart=productdetailsproductid=160categoryid=1=58...
Calendar Planner 1.0.1 - SQL Injection
Calendar Planner 1.0.1 - SQL Injection resolution: update to 1.0.2 update notice: http://www.joomlathat.com/news/news/calendar-planner/calendar-planner-1-0-2-security-release...
PayPal IPN for DOCman by shopfiles.com,3.1,SQL Injection
PayPal IPN for DOCman by shopfiles.com, 3.1, SQL Injection...
JE Property Finder, 1.6.3
JE Property Finder,1.6.3,SQL Injection...
ja-k2- filter-and- search, SQL Injection
ja-k2- filter-and- search, version 1.2.2 and all previous SQL Injection Resolution: update to 1.2.5 Update notice: https://www.joomlart.com/updates/joomla-extensions/important-security-fix-release-ja-k2-filter-component?utmsource=newslettermedium=emailcampaign=k2filtercritical Note that developer...
Huge IT Video Gallery,1.1.1,XSS (Cross Site Scripting)
Huge IT Video Gallery,1.1.1,XSS Cross Site Scripting Also versions 1.0.9 and previous have SQL injection vulnerability Resolution: update to version 1.1.3 Update notice: https://huge-it.com/joomla-extensions-security-notice/...
[20170408] - Core - Information Disclosure
Multiple files caused full path disclosures on systems with enabled error reporting...
[20160802] - Core - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability in mail component...
EasySocial versions before 1.4.7
EasySocial versions before 1.4.7: Code injection Resolution: update to 1.4.7 Update notice: http://stackideas.com/blog/critical-update-for-easysocial-update-to-1-4-7-now...
Realtyna RPL,8.9.2,Other
Realtyna RPL,8.9.2,Other Resolution: update to 8.9.5 Update notice URL http://rpl.realtyna.com/Change-Logs/RPL7-Changelog...
Extplorer, 2.1.7 and previous
Developer startement eXtplorer 2.1.8 released Today eXtplorer 2.1.8 was released, fixing some minor vulnerabilities. Changelog: - added security functions for protection against CSRF attacks - fixed "directories with the name '0' are not loading" An update is recommended...
JCE - A Content Editor for Joomla, 2.5.0, 2.5.1, 2.5.2
JCE - A Content Editor for Joomla, vulnerable versions: 2.5.0, 2.5.1, 2.5.2, Vulnerability type: other Resolution: update to version 2.5.3 Update Notice URL https://www.joomlacontenteditor.net/news/item/jce-253-released Developer says that versions prior to 2.5.0 do not appear to be affected, but...
Event Manager, 2.1.4 and below, multiple vulnerabilities
Event Manager, 2.1.4 and below, SQLi and Unrestricted File Upload Fixed in version 2.1.4.2 Notice: http://www.joomlaeventmanager.net/project/changelog-jem-2...
BeestoHelpDesk, 3.1.1 and probably all previous,Information Disclosure
BeestoHelpDesk, 3.1.1 and probably all previous,Information Disclosure Resolution: update to version 3.1.2 or 2.5.2 for users of Joomla 2.5.x update notice: http://beesto.com/forum/read.php?25,1963,1963msg-1963...
Football [com_football],SQL Injection
Component comfootball, unknown version possibly joomleague fork SQL Injection...
"J-ClassifiedsManager" by CMSjunkie
"J-ClassifiedsManager" by CMSjunkie, versions before 2.1.0, SQL injection Resolution Update to 2.1.0 UpdateNoticeURL http://www.cmsjunkie.com/blog/joomla-classifieds-manager-2-1-0-release/...
"Simple Email Form" by unlikelysource.com, 1.8.5 and below
"Simple Email Form" by unlikelysource.com, 1.8.5 and older; XSS Resolution: update to version 1.8.6 Update notice URL: http://joomla.unlikelysource.org/index.php...
Jdownloads Pre 3.2.23
Jdownloads Extension Update Details Version 3.2.23 eliminates two vulnerabilities to prevent SQL injections. Only low risk. UpdateNoticeURL http://www.jdownloads.com/index.php?option=comcontent=article=234:jdownloads-3223-beta-published=51:news...
J2Store 2.5 to 2.8.3, SQL Injection
J2Store 2.5 to 2.8.3 SQL Injection Update to 2.8.4 UpdateNoticeURL http://j2store.org/blog/213-security-update-january-2015.html...
edocuman, 1.6.0, Other
edocuman, 1.6.0, Other Developer update notice http://joomdonation.com/forum/edocman/45095-low-security-edocman-1-6-1-released.html53433...
Admin Exile 2.3.5 sqli
Admin Exile version 2.3.5 SQL injection Developer Update Version 2.3.6 resolves an unpublished/theoretical SQL injection vulnerability. http://www.richeyweb.com/development/joomla-plugins/71-adminexile-for-joomla-16...
joomla spider video, 2.8.3, sqli
joomla spider video, 2.8.3, SQL Injection UpdateNoticeURL http://web-dorado.com/products/joomla-player.html...
ActiveHelper LiveHelp, 3.2.0, sqli
ActiveHelper LiveHelp, 3.2.0, SQL Injection We already updated the LiveHelp Server to the version 3.3.0 that include a security patch that fixes the reported issue. We also include a few improvements on other units. Update Notice URL...
JJ Shoutbox, 1.2.6,
JJ Shoutbox, 1.2.6, Other Developer statement This security issue was for version 1.2.6 of JJ Shoutbox. We fixed this issue last night and released version 1.3.0 http://joomjunk.co.uk/products/module-home/shoutbox.htmlchangelog...