747 matches found
eXtplorer 2.1.12 various
eXtplorer 2.1.12 various Update Notice URL https://extplorer.net/news/24...
oziogallery,5.0.1,XSS (Cross Site Scripting)
oziogallery,5.0.1,XSS Cross Site Scripting Update Notice URL https://www.facebook.com/groups/oziogallery/permalink/1588619457938122/ Change log Url https://www.opensourcesolutions.es/en/ext/ozio-gallery.htmlChangelog...
Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure
Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure Update via developers website...
RSEvents! Pro (March 2019),Other
RSEvents! Pro March 2019,Other new version number 2.2.1 UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
RSEvents! Pro Cart Plugin older than 1.1.15 ,Other
RSEvents! Pro Cart Plugin older than 1.1.15,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
RSMembership! older than 1.22.11 ,Other
RSMembership! older than 1.22.11,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
RSForm! Pro,2.2.0 (March 2019),Other
RSForm! Pro,2.2.0 March 2019,Other new version number 2.2.1 UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
[20190501] - Core - XSS in com_users ACL debug views
The debug views of comusers do not properly escape user supplied data, which leads to a potential XSS attack vector...
[20190601] - Core - CSV injection in com_actionlogs
The CSV export of comactionslogs is vulnerable to CSV injection...
Phoca Gallery,4.3.15 prior,Other
Phoca Gallery,4.3.15 prior,Other Update Notice URL https://www.phoca.cz/news/1029-phoca-gallery-4-3-17-released...
kunena, ,XSS (Cross Site Scripting)
kunena,5.1.3,XSS Cross Site Scripting...
[20190603] - Core - ACL hardening of com_joomlaupdate
The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...
[20190801] - Core - Hardening com_contact contact form
Inadequate checks in comcontact could allowed mail submission in disabled forms...
[20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor
In Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has to be determined and...
AcyMailing 5.10.6 Various
AcyMailing 5.10.6 Various new version number 5.10.7 UpdateNotice URL https://www.acyba.com/support/change-log.html Changelog Url https://www.acyba.com/support/change-log.html...
[20190403] - Core - Object.prototype pollution in JQuery $.extend
The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks...
TCPDF Library,6.2.12,Other
TCPDF Library,6.2.12,Other updated to v6.2.26 | ---|--- ttweetfsubscribe...
Jevents 3.4.49 Various
Jevents 3.4.49 Various UpdateNotice URL https://www.jevents.net/blog/jevents-3-4-50-released-all-users-should-upgrade...
[20190401] - Core - Directory Traversal in com_media
The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory...
[20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users
The "refresh list of helpsites" endpoint of comusers lacks access checks, allowing calls from unauthenticated users...
[20190301] - Core - XSS in com_config JSON handler
The JSON handler in comconfig lacks input validation, leading to XSS vulnerability...
Kunena,5.1.9,XSS (Cross Site Scripting)
Kunena,5.1.9,XSS Cross Site Scripting https://www.kunena.org/blog/203-kunena-5-1-10-released...
[20190304] - Core - Missing ACL check in sample data plugins
The sample data plugins lack ACL checks, allowing unauthorized access...
[20190302] - Core - XSS in item_title layout
The itemtitle layout in edit views lacks escaping, leading to a XSS vulnerability...
[20190303] - Core - XSS in media form field
The media form field lacks escaping, leading to a XSS vulnerability...
Edocman,1.1.17,SQL Injection
Edocman,1.1.17,SQL Injection Extension Update Details Fix security issue on Joomla SQL injection from previous Edocman version. new version number 1.11.8 UpdateNotice URL...
[20210703] - Core - Lack of enforced session termination
Various CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked...
Easy Shop ,1.2.3 ,Other
Easy Shop ,1.2.3 ,Other Developer update 1.2.4 https://www.joomtech.net/blog/easyshop-1-2-4-security-issues-fixed Developer did not tellvel...
JoomCRM 1.1.1
new version number 1.1.2 https://www.joomboost.com/blog-updates/joomcrm-version-1-1-2-security-announcement.html...
JoomProject 1.1.3.2 ID
new version number 1.1.3.3 https://www.joomboost.com/blog-updates/joomproject-version-1-1-3-3-security-announcement.html...
J-CruiseReservation 6.0.2 sqli
new version number 6.0.4 UpdateNotice URL https://www.cmsjunkie.com/blog/cruise-reservations-update/...
[20190206] - Core - Implement the TYPO3 PHAR stream wrapper
The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper...
[20190203] - Core - Additional warning in the Global Configuration textfilter settings
"No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog...
[20190204] - Core - Stored XSS issue in the Global Configuration help url #2
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS...
[20190602] - Core - XSS in subform field
The subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors...
kunena,5.1.7,XSS (Cross Site Scripting)
kunena,5.1.7,XSS Cross Site Scripting https://www.kunena.org/blog/201-kunena-5-1-8-released...
Jomres,9.14.0 & lower,Other
Jomres,9.14.0 & lower Developer statement new version number 9.15.0 UpdateNotice URL https://www.jomres.net/blog/99-jomres-9-15-0-security-release-new-features Changelog Url https://www.jomres.net/support/changelog...
[20190104] - Core - Stored XSS issue in the Global Configuration help url
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS...
[20190102] - Core - Stored XSS in com_contact
Inadequate escaping in comcontact leads to a stored XSS vulnerability...
[20190101] - Core - Stored XSS in mod_banners
Inadequate escaping in modbanners leads to a stored XSS vulnerability...
[20190103] - Core - Stored XSS issue in the Global Configuration textfilter settings
Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS...
music collection, 3.0.3 ,SQL Injection
music collection, 3.0.3 ,SQL Injection Developer statement: currently at version 3.0.6, this was already fixed in 3.0.4...
kunena,5.1.6.1,XSS (Cross Site Scripting)
kunena,5.1.6.1,XSS Cross Site Scripting Developer statement: Update to 5.1.7 https://www.kunena.org/blog/200-kunena-5-1-7-released...
Jimtawl 2.2.7 - 'id' SQL Injection
Jimtawl 2.2.7 - 'id' SQL Injection Developer statement update to 2.2.8 http://janguo.de/lang-de/joomla-25-higher/joomla-25-jimtawl-2-1.html...
[20190201] - Core - Lack of URL filtering in various core components
Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability...
[20201107] - Core - Write ACL violation in multiple core views
Lack of input validation while handling ACL rulesets can cause write ACL violations...
CW Article Attachments (Free Version), SQL Injection
CW Article Attachments Free Version from cwjoomla.com, versions 1.0.6 and previous, SQL Injection resolution: update to 1.0.7 update notice: http://www.cwjoomla.com/download-cw-article-attachments...
CW Article Attachments (Pro Version), SQL Injection
CW Article Attachments Pro Version from cwjoomla.com, versions 2.1.0 and previous, SQL Injection resolution: update to 2.1.2 update notice: http://www.cwjoomla.com/download-cw-article-attachments...
kunena,5.1.4,Other
kunena,5.1.4,Other statement post: https://www.kunena.org/blog/198-kunena-5-1-5-released...
JSN Framework System Plugin, 2.1.5
JSN Framework System Plugin, versions 2.1.5 and previous, unrestricted file uploads without any authorization Resolution: update to 2.1.6 Update notice: https://www.joomlashine.com/forums/jsn-extension-framework-gen-1-plugin-v2-1-6-is-released.html Users are strongly urged to update immediately...