747 matches found
JB Bus, 2.3, SQL Injection
JB Bus by Joombooking, 2.3, SQL Injection...
File Download Tracker,3.0,SQL Injection
File Download Tracker by techsolsystem.com, 3.0, SQL Injection...
JQuickContact, 1.3.2.3, SQL Injection
JQuickContact by Wassim Jied, versions 1.3.2.3 and previous, SQL Injection resolution: update to 1.3.2.4 update notice: http://coderspirit.blogspot.com/2011/07/jquickcontact.html...
SquadManagement,1.0.3,SQL Injection
SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection...
Checklist by Joomplace, 1.1.1.003, SQL Injection
Checklist by Joomplace, versions 1.1.1.003 and previous, SQL Injection resolution: update to 1.1.1.004 Update notice: https://www.joomplace.com/blog/security-update-for-checklist.html...
CW Tags, 2.0.8, SQL Injection
CW Tags by CW Joomla, versions 2.0.8 and previous, SQL Injection Note that the VEL do not agree with the developer's assessment of this as a "low level" security issue Resolution: update to version 2.1.1 Update notice: http://www.cwjoomla.com/download-cw-tags...
PrayerCenter,3.0.2,SQL Injection
PrayerCenter by Mike Leeper MLWebTechnologies, versions 3.0.2 and previous,SQL Injection resolution: update to 3.0.3 update notice: https://github.com/MLWebTechnologies/PrayerCenter...
Ek rishta, 2.9, SQL Injection
Ek rishta by Harmis Technology, versions 2.9 and previous, SQL Injection Resolution: update to 2.10 update notice: https://joomlaextensions.co.in/extensions/other-extensions/product/Ek-Rishta...
JMS Music,1.1.1,SQL Injection
JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection...
JGive, 2.0.9, SQL Injection
JGive by Techjoomla.com, versions 2.0.9 and previous, SQL Injection resolution: update to 2.0.11 update notice: https://techjoomla.com/blog/jgive/release-updates-for-jticketing-jboloand-invitex...
NeoRecruit, 4.2.1, SQL Injection
NeoRecruit by NeoJoomla, versions 4.2.1 and previous, SQL Injection resolution: update to 4.2.2 update notice: http://www.neojoomla.com/index.php?option=comcontent=view=275=2...
Form Maker, 3.6.14, SQL Injection
Form Maker by Web Dorado, Versions 3.6.14 and previous, SQL Injection resolution: update to 3.6.15 note that previous security release did not completely fix the issue update notice: https://web-dorado.com/products/joomla-form.html...
Alexandria Book Library, 3.1.3, SQL Injection
Alexandria Book Library by Federica Ugolotti, versions 3.1.3 and previous, SQL Injection note that security release 3.1.3 does not fully fix the issue resolution: update to 3.1.4 update notice: alexandriabooklibrary.org/en/downloads/18-components.html...
Jticketing, 2.0.16, SQL Injection
Jticketing by techjoomla.com, versions 2.0.16 and previous, SQL Injection resolution: update to 2.0.18 update notice: https://techjoomla.com/blog/jgive/release-updates-for-jticketing-jboloand-invitex...
JS Autoz ,1.0.9,SQL Injection
JS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection...
Invitex, 3.0.5, SQL Injection
Invitex by techjoomla.com, versions 3.0.5 and previous, SQL Injection resolution: update to 3.0.6 update notice: https://techjoomla.com/blog/jgive/release-updates-for-jticketing-jboloand-invitex...
Gallery WD, 1.3.9, SQL Injection
Gallery WD by Web Dorado, versions 1.3.9 and previous, SQL Injection resolution: update to 1.3.10 update notice: https://web-dorado.com/products/joomla-gallery.html...
Media Library Free, 4.0.12, SQL Injection
Media Library Free by Ordasoft, versions 4.0.12 and previous, SQL Injection resolution: update to 4.0.21 update notice: https://ordasoft.com/News/News/media-library-security-update.html...
Realpin,1.5.04,SQL Injection
Realpin by Marcel Törpe, versions 1.5.04 and previous, SQL Injection...
Joomla! Pinterest Clone Social Pinboard,2.0,SQL Injection
Joomla! Pinterest Clone Social Pinboard from apptha.com, 2.0, multiple SQL Injection vulnerabilities...
OS Property, 3.12.8, SQL Injection
OS Property from Joomdonation.com, 3.12.8 and previous, SQL Injection resolution: update to 3.12.9 note that previous security release 3.12.8 did not completely fix the issue update notice: https://www.joomdonation.com/forum/os-property/61368-os-property-3-12-9-released-security-issue-fixed.html...
Proclaim, 9.1.1, Arbitrary File Upload
Proclaim from Christian Web Ministries installs as combiblestudy, versions 9.1.1 and previous, arbitrary file upload, also backup file download resolution: update to 9.1.2 fixes both issues update notice: https://github.com/Joomla-Bible-Study/Joomla-Bible-Study/releases...
Saxum Numerology, 3.0.4, SQL Injection
Saxum Numerology, versions 3.0.4 and previous, SQL Injection...
Saxum Astro, 4.0.14, SQL Injection
Saxum Astro, versions 4.0.14 and previous, SQL Injection...
Kubik-Rubik Simple Image Gallery Extended (SIGE),3.2.3,XSS (Cross Site Scripting)
Kubik-Rubik Simple Image Gallery Extended SIGE, versions 3.2.3 and previous, XSS Cross Site Scripting resolution: update to 3.2.4 latest release is 3.3.0 update notice: https://joomla-extensions.kubik-rubik.de/sige-simple-image-gallery-extendedchangelog Note that the developer did not inform the ...
Saxum Picker, 3.2.10, SQL Injection
Saxum Picker, vesions 3.2.10 and previous, SQL Injection...
Smart Shoutbox, 2.9.5, SQL Injection
Smart Shoutbox by thekrotek.com, version 2.9.5 and previous, SQL Injection resolution: update to 3.0.0, version released July 2017 update notice: so far the developer has not made an update notice making clear that this was a security release The developer says "Version 3.0 is an absolutely new...
Timetable Responsive Schedule, 1.6, SQL injection
Timetable Responsive Schedule For Joomla by QuanticaLabs, versions 1.6. and previous, SQL injection Resolution: update to 1.7 update notice: https://codecanyon.net/item/timetable-responsive-schedule-for-joomla/9749539item-descriptionupdates...
Solidres, 2.5.0, SQL Injection
Solidres, 2.5.0 and previous, SQL Injection Resolution: update to 2.5.1 Update notice: https://www.solidres.com/download/show-all-downloads/solidres/solidres-2-5-1...
JSP Store Locator, 2.4, SQL Injection
JSP Store Locator by Joomla Service Provider, versions 2.4 and previous, SQL Injection Resolution: update to 2.5 update notice: http://www.joomlaserviceprovider.com/jspblog/jsp-store-locator-2-5-security-release.html...
JSP Tickets, 1.1, SQL Injection
JSP Tickets from Joomla Service Provider, versions 1.1 and previous, SQL Injection Resolution: update to version 1.2.0 Update notice: http://www.joomlaserviceprovider.com/jspblog/jsp-tickets-1-2-security-release.html...
Zh BaiduMap, 3.0.0.1, SQL Injection
Zh BaiduMap by zhuk.cc, versions 3.0.0.1 and previous, SQL Injection resolution: update to 3.0.1.0 update notice: http://zhuk.cc/2018/02/21/zh-baidumap-security-update/...
ZH GoogleMap, 8.4.0.0, SQL Injection
ZH GoogleMap from zhuk.cc, versions 8.4.0.0 and previous, SQL Injection Resolution: update to 8.4.1.0 Update notice: http://zhuk.cc/2018/02/21/zh-googlemap-security-update-2/...
ZH Yandex Map, 6.2.1.0, SQL Injection
ZH Yandex Map from zhuk.cc, versions 6.2.1.0 and previous, SQL Injection Resolution: update to version 6.3.1.0 Update notice: http://zhuk.cc/2018/02/21/zh-yandexmap-security-update-2/...
Jimtawl, 2.2.6, Arbitrary File Upload
Jimtawl from janguo.de, 2.2.6, arbitrary file upload Resolution: update to 2.2.7 Update notice: http://janguo.de/lang-de/joomla-25-higher/jimtawl.html...
JS Jobs, 1.1.9, SQL Injection
JS Jobs by Joomsky, versions 1.1.9 and previous, SQL injection resolution: update to version 1.2.0 update notice: http://www.joomsky.com/products/js-jobs.html...
ccNewsletter 2.2.3 security release
there is a SQL injection issue in ccNewsletter. I advice everyone using a ccNewsletter version before 2.2.2 to upgrade! You can download ccNewsletter 2.2.3 from our downloads section here. https://www.chillcreations.com/downloads/ccnewsletterreltabs-145-notes...
[20180504] - Core - Installer leaks plain text password to local user
The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and displays the plain text password for the administrator account at the confirmation screen...
JS Support Ticket 1.1.0, ,XSS (Cross Site Scripting)
JS Support Ticket 1.1.0, ,XSS Cross Site Scripting UpdateNotice URL 1.1.1 http://www.joomsky.com/products/js-ticket-joomla.html...
[20180505] - Core - XSS Vulnerabilities & additional hardening
Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack...
JCE Editor,2.6.25, XSS (Cross Site Scripting)
JCE Editor Pro, Version 2.6.25 only, XSS Cross Site Scripting Resolution: update to 2.6.26 Update notice: https://www.joomlacontenteditor.net/news/jce-pro-2-6-26-released...
Simple Image Gallery (free) 3.5.0 and previous, XSS
Simple Image Gallery Freed by Joomlaworks, version 3.5.0 and previous, XSS Resolution: update to 3.6.0 Update notice: https://www.joomlaworks.net/blog/item/269-simple-image-gallery-free-v3-6-0-released-featuring-enhanced-print-previews-fixing-xss-vulnerability-related-to-print-page-output Note th...
[20180101] - Core - XSS vulnerability in module chromes
Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system...
[20180102] - Core - XSS vulnerability in com_fields
Inadequate input filtering in comfields leads to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox...
cms2cms improper file/folder permissions
All these extensions create a folder with permissions 0777, which is not subsequently deleted. CMS2CMS: Automated Blogger to J! Migration CMS2CMS: Automated HTML to J! Migration CMS2CMS: Automated Drupal to J! Migration CMS2CMS: Automated WordPress to J! Migration CMS2CMS Automated WiX to J!...
En Masse, all versions, SQL Injection
En Masse by Matamko.com, all known versions, SQL Injection...
Easy Discuss, 4.0.20, XSS
Easy Discuss by Stackideas, versions 4.0.20 and previous, XSS Resolution: update to 4.0.21 update notice: https://stackideas.com/blog/easydiscuss4021-update...
Big File Uploader by Prismanet,1.0.2, Insecure File Upload
Big File Uploader by Prismanet, 1.0.2, Insecure File Upload...
JB Visa,1.0,SQL Injection
JB Visa by Joombooking.com, 1.0, SQL Injection...
User Bench 1.0, sql injection
User Bench by gegabyte.org, version 1.0, sql injection resolution: update to version 1.1 update notice: http://www.gegabyte.org/downloads/joomla-extensions/joomla3/components/307-user-bench...