725 matches found
Akeeba backup
https://www.akeebabackup.com/home/news/1561-security-updates-august-2014.html 3.2.0-3.2.7, 3.3.0-3.3.13, 3.4.0-3.4.3, 3.5.x, 3.6.0-3.6.12, 3.7.x, 3.8.0-3.8.2, 3.9.x, 3.10.x, 3.11.0-3.11.3...
Joomla Multicalendar, 5.3.2 and previous versions,
Joomla Multicalendar, 5.3.2 and previous versions, XSS Cross Site Scripting UpdateNoticeURL http://www.joomlacalendars.com/faq/multi-view-calendar-for-joomlaq39...
JChatSocial, 2.2 and lower
JChatSocial, 2.2 and lower, XSS Cross Site Scripting...
Watchful Client (watchful.li extension), 1.9.0 and lower
Extension was not preventing execution of files outside of the framework, and therefore enabling potential unwanted information disclosure and other attacks using weak hash key implementation. Update to version 1.9.1 : https://watchful.li/news/watchful-1-9-1-released.html...
kunena 3.0.5 XSS and SQL Injection
kunena 3.0.5 XSS and SQL Injection Update notice http://www.kunena.org/blog/139-kunena-3-0-6-released...
youtube gallery, 4.1.7,
youtube gallery, 4.1.7, SQL Injection Extension Update Details 4.1.9 UpdateNoticeURL http://www.joomlaboat.com/youtube-gallery...
K2 Content Extension, 2.6.8,
K2 Content Extension, 2.6.8, XSS Cross Site Scripting resolution update to version 2.6.9...
Joomlaworks allvideos
Joomlaworks allvideos plugin version 4.5.0 and previous XSS cross-site scripting Extension Update Details The new 4.6.0 version released replaces the XSS affected JW Player v5 with the newest v6. UpdateNoticeURL http://www.joomlaworks.net/forum/extension-updates/14896-june-3rd,-2014-allvideos-v4-...
JW player, 5.10.22 xss
JW player, 5.10.2295, XSS Cross Site Scripting Update notice URL: http://www.joomlaworks.net/forum/extension-updates/14896-june-3rd,-2014-allvideos-v4-6-0...
EasyBlog pre 3.9.15770
EasyBlog Extension Update Details. This fix has been included in EasyBlog 3.9.15770 UpdateNoticeURL http://stackideas.com/blog/easyblog-3-9-15770-released...
plg_highlight_button, 1.5 and previous sqli
plg_highlight_button, 1.5 and previous versions, SQL Injection Update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html...
plg_highlight_content, 1.5 and previous
plg_highlight_content, 1.5 and previous versions, XSS Cross Site Scripting update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html...
Codels codehighlighter 1.4
Codels plgcontentcodehighlighter version 1.4 and previous. XSS Cross Site Scripting...
plg_codehighlight, 1.0.1 , xss
union-d codehighlight, 1.0.1 , XSS Cross Site Scripting...
[20140303] - Core - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability...
[20140302] - Core - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability in com_contact...
ActiveHelper LiveHelp, 3.2.0, sqli
ActiveHelper LiveHelp, 3.2.0, SQL Injection We already updated the LiveHelp Server to the version 3.3.0 that includes a security patch that fixes the reported issue. We also include a few improvements on other units. Update Notice URL...
Google Maps plugin for Joomla, pre 3.1 and 2.20,
Google Maps plugin for Joomla, 3.1 and 2.20, XSS Cross Site Scripting joomla-base reumer.net developer statement A SECURITY RELEASE 3.1 of plugin Google Maps by Reumer is released and this must be applied to your Joomla installation...
JJ Shoutbox, 1.2.6,
JJ Shoutbox, 1.2.6, Other Developer statement This security issue was for version 1.2.6 of JJ Shoutbox. We fixed this issue last night and released version 1.3.0 http://joomjunk.co.uk/products/module-home/shoutbox.htmlchangelog...
[20140304] - Core - Unauthorised Logins
Inadequate checking allowed unauthorised logins via GMail authentication...
ODude Dir - DT
ODude DIR - DT-777 developer statement ODude Dir 1.1 updated with fixed securities issues. http://www.odude.com/main/dir/dir-log.html...
ODude Ecard - DT
ODude Ecard - DT - 777 developer statement - ODude Ecard Version 2.1 http://www.odude.com/main/odude-ecard/ecard-log.html...
ODude Profile
ODude Profile Directory Traversal vulnerability - 777 developer statement ODude Profile 3.2 http://www.odude.com/main/profile/profile-changelog.html...
[20140301] - Core - SQL Injection
Inadequate escaping leads to SQL injection vulnerability...
JomSocial component pre 3.1.0.1
JomSocial component 3.1.0.1 RFI The new version number is 3.1.0.4 http://www.jomsocial.com/blog/hot-fix-3-1-0-4...
iRecommend, >= 3.0,
iRecommend, = 3.0, Other XSS & FPD developer states inaccurate report...
extplorer, 2.1.4 and below
extplorer, ID, DT, release of 2.1.5 http://extplorer.net/news/14...
Spider contacts, 1.3.3,
Spider contacts, 1.3.3, SQL Injection Extension Update Details We have fixed the vulnerability on Spider Contacts. We have changed the version to 1.3.4 on JED and also added corresponding text to the description. UpdateNoticeURL http://web-dorado.com/products/joomla-contacts.html...
spider contact lite, sqli
spider contact lite , , as per http://vel.joomla.org/vel-blog/976-spider-contacts-1-3-3.html Extension Update Details We have fixed the vulnerability on Spider Contacts Lite. We have changed the version to 1.3.4 on JED and also added corresponding text to the description. UpdateNoticeURL...
[20131103] Core XSS Vulnerability
Inadequate filtering leads to XSS vulnerability in com_contact...
[20131101] Core XSS Vulnerability
Inadequate filtering leads to XSS vulnerability in com_contact...
event registration pro
event registration pro, , SQL Injection UpdateNoticeURL: http://www.joomlashowroom.com/blog/security-and-bug-release-for-all-versions-of-event-registration-pro affects versions prior to 3.0.1 Joomla 3 prior to 2.5.6 Joomla 2.5 prior to 1.5.22 Joomla 1.5...
jomsocial below 3.0.5.1
jomsocial , 3.0.5.1, SQL Injection Resolved prior to notification...
[20131102] Core XSS Vulnerability
Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds...
My Blog, 2.0.1 Build 286,
My Blog, 2.0.1 Build 286, SQL Injection...
Mijo Analytics, Joomla 2.5.x,
Mijo Analytics, Joomla 2.5.x, SQL Injection...
Ace SEF4
With the AceSEF 4.0.0, XSS Vulnerability is solved http://www.joomace.net/joomla-extensions/acesef/changelog UpdateNoticeURL http://www.joomace.net/joomla-extensions/acesef-joomla-seo-sef-urls...
sectionex, 2.5.96
sectionex, , SQL Injection Extension Update Details Version 2.5.104 Update Notice URL http://stackideas.com/blog/important-security-release-for-sectionex-2-5...
joomsport pro and std
joomsport, pro 3.1.1 and std 2.0 , Directory Traversal developers release statement Security notes put in product description and put release notes on our site for both products http://joomsport.com/downloads/components.html?lang=en - Here is the link for standard updated release...
Cobalt,8.270
Cobalt, , DT/permissions developer update Notice updated http://www.mintjoomla.com/blog/item/279-update-cobalt-v-8-279-stable.html...
k2, 2.6.6, Open Folder Permissions
k2, Open folder permissions developer notice http://getk2.org/blog/1432-k2-v267-released-akismet-integrated-new-acl-option-improved-php-54-support...
[20130801] - Core - Unauthorised Uploads
Inadequate filtering leads to the ability to bypass file type upload restrictions...
Unite Horizontal Carousel
Unite Horizontal Carousel, , Directory Traversal Updated the extension, fixed the bug, the new version is 1.1 UpdateNoticeURL http://unitecms.net/news...
Master Password,
Master Password, 1.5 and any previous, Information Disclosure This extension appears to have been abandoned by the developer...
Jinc, all versions,
Jinc, all versions, XSS Cross Site Scripting UpdateNotice URL http://lhacky.altervista.org/jextensions/index.php/component/content/article/21-news/jinc/100-security-issue-on-jinc-1-0-1...
CiviCRM 4.3.3 and previous
CiviCRM, <= 4.3.3, XSS Cross Site Scripting Update Notice URL http://civicrm.org/blogs/colemanw/security-release-civicrm-434...
flashChart Content Plugin,
flashChart Content Plugin, 1.2.1, XSS Cross Site Scripting Extension Update Details updated/fixed XSS vulnerability in open-flashchart-swf for external call "get-data" UpdateNoticeURL http://www.jschmidt-systemberatung.de/index.php?lang=en=227...
Jinc, ALL,
Jinc ALL - Exploit Type Arbitrary File Creation Vulnerability JINC until version 1.0.1 is affected by a vulnerability providing attackers the ability to update arbitrary files in Joomla! installation. This problem is solved in JINC 1.0.2...
Phoca Gallery 3x
Phoca Gallery, 3x, SQL Injection...
bo:VideoJS, 2.1.1,
bo:VideoJS, 2.1.1, xss From developer http://www.boeschung.de/en/joomla/bo-videojs/video-js-v320...