725 matches found
"EQ Event Calendar" [com_eqfullevent] , 1.0.0 and below
"EQ Event Calendar" by byeqima.com - version: 1.0.0 and lower SQL injection vulnerability...
swmenufree, v8.3 ,Other
swmenufree, swMenuFree 8.3 for Joomla 2.5.x and 3.x, Other. Resolution: update to version 8.5. Update notice: http://www.swmenupro.com/downloads/swmenufree.html?view=document=1...
Football [com_football],SQL Injection
Component com_football, unknown version, possibly joomleague fork, SQL Injection...
OS Property - Joomla Real Estate sqli pre 2.8.1
OS Property - Joomla Real Estate, SQL injection. 12th May 2014 - New version 2.8.1. Bug Fixed: 1. SQL Injection solved. Developer did not inform VEL...
"J-ClassifiedsManager" by CMSjunkie
"J-ClassifiedsManager" by CMSjunkie, versions before 2.1.0, SQL injection Resolution Update to 2.1.0 UpdateNoticeURL http://www.cmsjunkie.com/blog/joomla-classifieds-manager-2-1-0-release/...
"Simple Email Form" by unlikelysource.com, 1.8.5 and below
"Simple Email Form" by unlikelysource.com, 1.8.5 and older; XSS Resolution: update to version 1.8.6 Update notice URL: http://joomla.unlikelysource.org/index.php...
RD Download, 0.9.0 and below
RD Downloads comrddownload, 0.9.0 and previous Warning: Author abandoned this component, no further support expected Update notice: https://github.com/rdeutz/rddownload...
Kunena,3.0.7 and previous
Kunena, 3.0.7 and previous, Other. Resolution: update to 3.0.8. Update notice URL: http://www.kunena.org/blog/143-kunena-3-0-8-released Note that the developer did not inform the VEL...
ECommerce-WD [com_ecommercewd],1.2.5, maybe earlier
ECommerce-WD com_ecommercewd, 1.2.5, maybe earlier, SQL Injection. Developer statement: These vulnerabilities are fixed in version 1.2.6 and above. The version 1.2.6 was released on 2015-03-18...
Creative Contact Form [com_creativecontactform],2.0.0 and previous
Creative Contact Form com_creativecontactform, 2.0.0 and previous, Other. Resolution: Update to latest release 3.0.x. Notice of Resolution: http://creative-solutions.net/joomla/creative-contact-form...
Spider Form Maker by Web-Dorado [com_formmaker],3.4 and lower
Spider Form Maker by Web-Dorado com_formmaker, 3.4 and lower, SQL Injection. Developer statement: This vulnerability was fixed in version 3.4.1 and above. The version 3.4.1 was released on 2014-09-10...
Face Gallery by Apptha [com_facegallery] version 1.0
Face Gallery by Apptha com_facegallery, version 1.0, exploit: Other...
Joomla Simple Photo Gallery version 1.1
Apptha Joomla Simple Photo Gallery ,comsimplephotogallery version 1.1 and previous, Other...
AllVideos version 4.6.1 and previous
AllVideos by Joomlaworks version 4.6.1 and previous XSS Cross Site Scripting Resolution: update to version 4.7.0 Update notice url: http://www.joomlaworks.net/forum/product-updates/41200-april-20th,-2015-allvideos-v4-7-0...
[20150601] - Core - Open Redirect
Inadequate checking of the return value allowed to redirect to an external page...
spider random articles 1.5.0 and previous
spider random articles, all versions prior to 1.5.1 SQL Injection Version 1.5.1 is a "Security Release" and those who use Random Article version under 1.5.1 should upgrade immediately to the latest version!...
[20150602] - Core - CSRF Protection
Lack of CSRF checks potentially enabled uploading malicious code...
youtube plugin - youtubejoomla ,1.1
youtube plugin - Stian Totland,1.1 ,Other , youtubejoomla...
Gallery WD version 1.2.3 and previous
Gallery WD version 1.2.3 and previous XSS Cross Site Scripting Resolution: Update to version 1.2.5 Update notice URL: http://web-dorado.com/products/joomla-gallery.html...
eXtplorer 2.1.6 released
http://extplorer.net/news/15 Please update to this new eXtplorer version as it fixes an XSS security issue. Also the UTF-8 fix is recommended for users with non-ASCII filenames...
Solidres previous to 8.0.0
Solidres previous to 8.0.0 SQL Injection Update to 8.0.0 Update notice URL http://www.solidres.com/blog/2015/01/26/solidres-0-8-0-released/...
Jdownloads Pre 3.2.23
Jdownloads Extension Update Details Version 3.2.23 eliminates two vulnerabilities to prevent SQL injections. Only low risk. UpdateNoticeURL http://www.jdownloads.com/index.php?option=comcontent=article=234:jdownloads-3223-beta-published=51:news...
J2Store 2.5 to 2.8.3, SQL Injection
J2Store 2.5 to 2.8.3 SQL Injection Update to 2.8.4 UpdateNoticeURL http://j2store.org/blog/213-security-update-january-2015.html...
JCE - Joomla Content Editor 2.4.5 and previous
Versions 2.4.5 and previous Update to Version 2.4.6 improves security in add-on installation system UpdateNoticeURL https://www.joomlacontenteditor.net/news/item/jce-246-released...
JEvents pre 3.1.37
Version 3.1.37 eliminates a low risk theoretical XSS exploit and SQL injection exploit. UpdateNoticeURL https://www.jevents.net/jevnews/234-jevents-32...
corephp paGo, LFI 1.0.7 and below
Corephp paGo, DT, LFI. Developer update statement: http://www.corephp.com/blog/corephp-announces-immediate-availability-pago-commerce-1-07-1/...
EDVAS blank template pre 3.5.1
Blank bootstrap edition Template : Update Details http://github.com/Bloggerschmidt/Blank-Bootstrap-Edition/releases/tag/v3.5.1 See https://github.com/Bloggerschmidt/Blank-BootstrapEdition...
sbahjaoui contact 1.0
sbahjaoui contact version 1.0 SQL Injection Resolution: update to version 1.1 Update notice: http://www.sbahjaoui-info.com/en/extensions/category/10-sbahjaoui-contact.html...
Visforms pre 2.1.2 and pre 3.1.2
Update so that information submitted with Visforms cannot be disclosed unintentionally. http://www.vi-solutions.de/en/announcements/366-security-updates-for-visforms-2-1-2-and-3-1-2-released...
HDFLVPlayer 2.2 + previous
Joomla HDFLVPlayer plugin versions 2.2 and previous, SQL Injection. Version 2.3: Fixed SQL injection in download.php file. https://www.apptha.com/category/extension/Joomla/HD-FLV-Player Version 2.2: Resolved cross domain issue in download.php & email.php files...
HDFLVPlayer 2.2 and previous
HDFLVPlayer versions 2.2 and all previous, Email exploit. Version 2.3: Fixed SQL injection in download.php file. https://www.apptha.com/category/extension/Joomla/HD-FLV-Player Version 2.2: Resolved cross domain issue in download.php & email.php files...
failedloginattempts v1.0.1
plgfailedloginattemptsv1.0.1j25j30, 1.0.1, Information Disclosure Developers update statements 12-Dec-2014 : v1.1.0 http://www.web357.eu/news/releases/68-failed-login-attempts-v1-1-0-has-been-released-security-release.html...
Events Booking, 1.6.7 and lower, (module: Search Events)
Events Booking 1.6.7. Vulnerability: XSS Cross Site Scripting. Extension Update Details: This issue only affects the search module Search Events which comes with Events Booking. We released version 1.6.8 to address this issue...
HDFLVPlayer, 2.0, Directory Traversal
HDFLVPlayer, 2.0, Directory Traversal Contus/apptha developers statement We fixed the directory traversal issue and updated the version with 2.2 UpdateNoticeURL http://www.hdflvplayer.net/hd-flv-player-download.php...
edocuman, 1.6.0, Other
edocuman, 1.6.0, Other Developer update notice http://joomdonation.com/forum/edocman/45095-low-security-edocman-1-6-1-released.html53433...
Admin Exile 2.3.5 sqli
Admin Exile version 2.3.5 SQL injection Developer Update Version 2.3.6 resolves an unpublished/theoretical SQL injection vulnerability. http://www.richeyweb.com/development/joomla-plugins/71-adminexile-for-joomla-16...
AceShop, up to version 4.1.3,
AceShop, up to version 4.1.3, SQL Injection...
MijoShop, 2.4.x - 2.5.x,
MijoShop, 2.4.x - 2.5.x, SQL Injection Extension Update Details 2.5.2 UpdateNoticeURL http://miwisoft.com/blog/mijoshop-252-security-update-released...
Akeeba CMS Update
Extension Update Details Akeeba CMS Update 1.0.2 Update Notice URL https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html...
Hika Shop
HikaShop 2.3.2 and below also Hika Market 1.4.3 and below Remote code execution Note that developer did not inform the VEL Notice of resolution: http://www.hikashop.com/index.php?option=comcontent=article=269...
JDownloads
unauthorized file upload vulnerable versions: below 1.9.1.6 Joomla 2.5 and below 1.9.2.11 Joomla 3 security release announcement: http://www.jdownloads.com/index.php?option=comcontent=article=231:urgent-security-update-for-19-series=51:news Note that the developer did not inform the VEL...
[20140904] - Core - Denial of Service
Inadequate checking allowed the potential for a denial of service attack...
[20140903] - Core - Remote File Inclusion
Inadequate checking allowed the potential for remote files to be executed...
Joomla Mac Gallery 1.5 and below
Joomla Mac Gallery 1.5 and below RFI...
AceSEF , 4.1.2 and below
AceSEF , 4.1.2, SQL Injection...
EuropaCart, 8.0.1 and below ,
EuropaCart, 8.0.1, Other - ACL @Kryptronic...
Spider Contacts 1.3.6 SQLI
Joomla Spider Contacts 1.3.6 SQL Injection Developer update http://web-dorado.com/products/joomla-contacts.html...
[20140902] - Core - Unauthorised Logins
Inadequate checking allowed unauthorised logins via LDAP authentication...
joomla spider video, 2.8.3, sqli
joomla spider video, 2.8.3, SQL Injection UpdateNoticeURL http://web-dorado.com/products/joomla-player.html...
[20140901] - Core - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability in com_media...