Lucene search
K
JoomlaRecent

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/10/07 12:0 a.m.•27 views

[20190205] - Core - XSS Issue in core.js writeDynaList

Inadequate parameter handling in JS code could lead to an XSS attack vector...

6.1CVSS7.5AI score0.008EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/26 12:0 a.m.•28 views

[20181005] - Core - CSRF hardening in com_installer

Added additional CSRF hardening in cominstaller actions in the backend...

8.8CVSS8.6AI score0.0098EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/25 11:1 a.m.•24 views

All Regular Labs extensions with editor buttons

All Regular Labs extensions with editor buttons, versions before 7 September 2018, cross site scripting XSS:- - Articles Anywhere - Conditional Content - Dummy Content - Modals - Modules Anywhere - Sliders - Snippets - Tabs - Tooltips The editor button popup urls could potentially be used...

6.5AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/24 12:0 a.m.•56 views

[20190202] - Core - Browserside mime-type sniffing causes XSS attack vectors

A combination of specific webserver configurations, in connection with specific file types and browserside mime-type sniffing causes a XSS attack vector...

6.1CVSS6.2AI score0.00793EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/17 12:0 a.m.•38 views

[20181001] - Core - Hardening com_contact contact form

Inadequate checks in comcontact could allowed mail submission in disabled forms...

4.3CVSS6.4AI score0.01348EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/14 12:0 a.m.•500 views

Gantry package 5.4.26 ,Other

Gantry package containing "Twig" library creates folders with improper folder permissions. On some servers this may lead to world writeable folders. see https://github.com/gantry/gantry5/issues/2363 https://github.com/twigphp/Twig/issues/2353 developer states not a security issue within their...

7.1AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/14 12:0 a.m.•492 views

Magiczoomplus for Joomla, 3.3.4, Insecure Folder Permissions

Magiczoomplus for Joomla, versions 3.3.4 and previous, Sensitive information disclosure, Insecure folder permissions, Remote call information disclosure. Resolution: update to 3.3.6 Update notice: https://www.magictoolbox.com/jv-release-update/ Note that the VEL do not agree with the developer's...

1.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/13 12:0 a.m.•20 views

Forms by Balbooa.com,1.7.2,Information Disclosure

Forms by Balbooa.com,1.7.2,Information Disclosure Resolution: update to 1.7.4 there was a previous update 1.7.3 which did not entirely fix the issue update notice: https://support.balbooa.com/forum/joomla-forms/5441-balbooa-joomla-forms-v-1-7-4...

Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/08/23 12:0 a.m.•36 views

[20180801] - Core - Hardening the InputFilter for PHAR stubs

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter...

9.8CVSS9.2AI score0.02932EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/08/12 12:0 a.m.•582 views

Jcomments, version 3.0.5, Input Validation Vulnerability

jcomments,versions 3.0.5 and all previous, inadequate input validation of objectgroup parameter leads to possible exploits including arbitrary local file inclusion resolution: update to version 3.0.6 There is evidence that this is being actively exploited, so users are recommended to update ASAP...

7.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/08/07 12:0 a.m.•486 views

J-Business Directory,4.9.3,SQL Injection

jBusiness Directory from CMS Junkie,4.9.3 and previous versions, SQL Injection, XSS resolution: update to 4.9.4 update notice: http://www.cmsjunkie.com/blog/joomlabusinessdirectory4-9-4release/ Note that the developer did not inform the VEL...

7.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/08/01 12:0 a.m.•506 views

Magiczoomplus for Virtuemart, 4.9.4, Insecure Folder Permissions

Virtuemart plugin magiczoomplus v4.9.4 and previous, Sensitive information disclosure, Insecure folder permissions, Remote call information disclosure. Resolution: Update to 4.9.6 Update notice: https://www.magictoolbox.com/jv-release-update/ Note that the VEL do not agree with the developer's...

0.7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/07/15 12:0 a.m.•500 views

Kunena,5.0 - 5.1.1,Other

Kunena,5.0 - 5.1.1,Other Developer statement The Kunena team has announce the arrival of Kunena 5.1.2 K 5.1.2 which is now available for download as a native Joomla extension for J! 3.8.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the...

7.2AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/07/10 12:0 a.m.•35 views

[20180803] - Core - ACL Violation in custom fields

Inadequate checks regarding disabled fields can lead to an ACL violation...

7.5CVSS8.4AI score0.022EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/07/10 12:0 a.m.•31 views

[20180802] - Core - Stored XSS vulnerability in the frontend profile

Inadequate output filtering on the user profile page could lead to a stored XSS attack...

5.4CVSS6.9AI score0.01033EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/07/04 12:0 a.m.•553 views

Advertisement Board 3.1.0

Advertisement Board by Ordasoft, versions 3.1.0 and previous, SQL Injection Resolution: update to 3.1.4 Update notice:https://ordasoft.com/News/News/advertisement-board-security-update.html...

9.8CVSS9.6AI score0.02703EPSS
Exploits5References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/06/21 12:0 a.m.•40 views

[20181002] - Core - Inadequate default access level for com_joomlaupdate

Joomla’s comjoomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access comjoomlaupdate and trigger a code execution...

7.2CVSS6.6AI score0.02694EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/06/20 12:0 a.m.•22 views

[20181003] - Core - Access level Violation in com_tags

Inadequate checks on the tags search fields can lead to an access level violation...

4.3CVSS3AI score0.01181EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/06/14 9:30 a.m.•13 views

Community Builder, 2.4.2

Community Builder, 2.4.1 and previous, resolution: update to 2.4.2 update notice: https://www.joomlapolis.com/news/18843-community-builder-2-4-2-security-maintenance-and-features-release...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/06/14 12:0 a.m.•504 views

Community Builder, 2.1.4, XSS

Community Builder, 2.1.4 and previous, XSS Cross site scripting resolution: update to 2.1.5 update notice: https://www.joomlapolis.com/news/18791-community-builder-2-1-5-security-and-maintenance-release...

0.5AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/05/23 10:5 p.m.•494 views

booking calendar for joomla!

Booking Calendar for Joomla! update to 3.4.0 various security patches. Note END OF LIFE https://www.joomlabookingcalendar.com/last-update/ Last known version number 3.4.0...

2.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/05/14 12:0 a.m.•40 views

[20180506] - Core - Filter field in com_fields allows remote code execution

Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...

6.5CVSS5.2AI score0.01991EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/05/11 12:0 a.m.•525 views

Nexevo Contact Form, Backdoor

Nexevo Contact Form, Backdoor Resolution: update to 1.0.2 Users should also check for the existence of a plugin called System - Section among their installed extensions. It is malware and needs to be removed and the site treated as hacked. Further information here:...

6.7AI score
Exploits0References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/05/08 12:0 a.m.•500 views

Admin Tools Pro, 5.0.2, Information Disclosure

Admin Tools Pro by Akeeba, versions 5.0.2 and previous, Information Disclosure Resolution: update to 5.1.0 Update notice: https://www.akeebabackup.com/news/1693-admin-tools-security-bulletin-may-2018.html...

1.2AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/05/07 12:0 a.m.•30 views

[20180602] - Core - XSS vulnerability in language switcher module

In some cases the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page url...

6.1CVSS7.3AI score0.01413EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/04/27 12:0 a.m.•28 views

[20180503] - Core - Information Disclosure about unpublished tags

Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission...

4.3CVSS6.9AI score0.01446EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/04/23 12:0 a.m.•43 views

[20180601] - Core - Local File Inclusion with PHP 5.3

Our autoload code checks classnames to be valid, using the "classexists" function in PHP. In PHP 5.3 this function validates invalid names as valid, which can result in a Local File Inclusion...

8.8CVSS1.7AI score0.02319EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/04/12 12:0 a.m.•504 views

Convert Forms, 2.0.3, CSV Injection

Convert Forms by Tassos.gr, versions 2.0.3 and previous, CSV Injection resolution: update to 2.0.4 update notice: https://www.tassos.gr/blog/convert-forms-2-0-4-security-release...

1.7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/04/09 12:0 a.m.•501 views

Gridbox com_gridbox, 2.4.0, Multiple Vulnerabilities

Gridbox comgridbox from balbooa.com, 2.4.0 and previous versions, multiple vulnerabilities including XSS, SQLi, arbitratry file download, insecure file upload, directory traversal Resolution: update to version 2.4.1.1 note that previous security release 2.4.1 fixed most of the issues but not all ...

2.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/04/06 12:0 a.m.•499 views

Virtuemart 3.2.12 and previous, XSS

Virtuemart, versions 3.2.12 and previous, XSS Cross Site Scripting Resolution: update to 3.2.14 update notice: http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling...

0.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/04/04 12:0 a.m.•504 views

jDownloads,3.2.58, XSS (Cross Site Scripting)

jDownloads, versions 3.2.58 and previous, XSS Cross Site Scripting resolution: update to 3.2.59 update notice: http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html...

1.2AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/30 12:0 a.m.•499 views

Rapicode, Multiple Extensions, Back Door

Rapicode, nultiple extensions, current versions, back door Extensions affected are:- Rapi Content Ticker Rapi Content Carousel Rapi Cookie Consent Rapi Countdown Rapi Preloader Rapi Loading Progress Bar Rapi Page Animate At the moment the back door seems to be loading mining code, it can be used ...

7.4AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/30 12:0 a.m.•490 views

JS Jobs,1.2.0,XSS (Cross Site Scripting)

JS Jobs from Joomsky.com, versions 1.2.0 and previous,XSS Cross Site Scripting resolution: update to 1.2.1 update notice: http://www.joomsky.com/products/js-jobs.html...

0.6AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/30 12:0 a.m.•35 views

[20180508] - Core - Possible XSS attack in the redirect method

Under specific circumstances a redirect issued with a URI containing a username and password when the Location: header cannot be used, a lack of escaping the user-info component of the URI could result in a XSS vulnerability...

4.7CVSS1.4AI score0.01361EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/27 12:0 a.m.•489 views

mobilejoomla, 2.1.24, malcious redirects

mobilejoomla,2.1.24, malicious redirects. google adsense file added that may redirect all sites adsense revenue to the developer. File is not deleted on removing extension. Developer statement Extension Update Details Previously the free version of the Mobile extension added a file called ads.txt...

7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/27 12:0 a.m.•494 views

Watchfulli SSO Plugin,1.2, Other

Watchfulli SSO Plugin, versions 1.2 and previous, Other Resolution: update to version 1.3 update notice: https://watchful.li/news-blog/news/new-watchful-clients-and-sso-plugin-enhance-encryption...

1.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/26 12:0 a.m.•505 views

AcySMS, 3.5.0, CSV Injection

AcySMS by Acyba, versions 3.5.0 and previous, CSV Injection see https://vel.joomla.org/articles/2140-introducing-csv-injection resolution: update to 3.5.1 update notice: https://www.acyba.com/acysms/change-log.html...

7.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/22 12:0 a.m.•551 views

CP Event Calendar, 3.0.2, SQL Injection

CP Event Calendar from joomlacalendars.com, versions 3.0.2 and previous, SQL Injection resolution: update to 3.0.3 update notice: http://www.joomlacalendars.com/updates/cp-event-calendar-3.0.3...

9.8CVSS1.7AI score0.02652EPSS
Exploits5References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/22 12:0 a.m.•496 views

AcyMailing, 5.9.5, CSV Injection

AcyMailing by Acyba, versions 5.9.5 and previous, CSV Injection see https://vel.joomla.org/articles/2140-introducing-csv-injection Resolution: update to 5.9.6 update notice: https://www.acyba.com/acymailing/change-log.html...

7.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/20 12:0 a.m.•524 views

Visual Calendar, 3.1.5, SQL Injection

Visual Calendar by Joomcalendars.com, versions 3.1.5 and previous, SQL Injection resolution: update to 3.1.6 update notice: http://www.joomlacalendars.com/updates/visual-calendar3.1.6...

9.8CVSS1.9AI score0.02652EPSS
Exploits5References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/15 12:0 a.m.•572 views

Google Map Landkarten,4.2.3,SQL Injection

Google Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection...

9.8CVSS3.9AI score0.23973EPSS
Exploits5References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/14 12:0 a.m.•509 views

Kunena,3.x - 5.0.13, Other

Kunena, 3.x - 5.0.13, Other - Normal user can take ownership from any user resolution: update to 5.0.14 update notice: https://www.kunena.org/blog/191-kunena-5-0-14-released...

1.6AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/14 12:0 a.m.•37 views

[20180502] - Core - Add PHAR files to the upload blacklist

Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

7.5CVSS0.5AI score0.0213EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/13 12:0 a.m.•501 views

Attachments, 3.2.5, SQL Injection

Attachments from jimcameron.net, versions 3.2.5 and previous, SQL Injection resolution: update to 3.2.6 update notice: http://jmcameron.net/attachments/...

2.7AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/09 12:0 a.m.•556 views

JomEstate, 3.7, SQL Injection

JomEstate from comdev.eu, versions 3.7 and previous, SQL Injection resolution: resolved in version 3.8, current release is 4.1 update notice: none...

9.8CVSS4.1AI score0.02703EPSS
Exploits4References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/08 12:0 a.m.•548 views

DT Register,3.2.7,SQL Injection

DT Register by DTH Development, versions 3.2.7 and previous, SQL Injection resolution: update to 3.2.8 update notice: https://www.dthdevelopment.com/dth-news/dt-register-328-security-update...

9.8CVSS2.6AI score0.03872EPSS
Exploits5References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/08 12:0 a.m.•575 views

Fastball, SQL Injection

Fastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection...

9.8CVSS3.2AI score0.01946EPSS
Exploits5References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/08 12:0 a.m.•26 views

[20180501] - Core - ACL violation in access levels

Inadequate checks allowed users to modify the access levels of user groups with higher permissions...

8.8CVSS4.6AI score0.0322EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/08 12:0 a.m.•531 views

[20180301] - Core - SQLi vulnerability User Notes

The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the User Notes list view...

8.8CVSS9.1AI score0.29245EPSS
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/07 12:0 a.m.•559 views

Simple Calendar,3.1.9,SQL Injection

Simple Calendar by Fabrizio Albonico, versions 3.1.9 and previous, SQL Injection...

9.8CVSS4.2AI score0.02703EPSS
Exploits5References3Affected Software1
Total number of security vulnerabilities747