J-Hotel Portal,6.0.2,SQL Injection
J-Hotel Portal by cmsjunkie.com, 6.0.2, SQL Injection...
AppointmentBookingPro,4.0.1,SQL Injection
AppointmentBookingPro, 4.0.1, SQL Injection Resolution: update to 4.0.2 RC2 Update notice: https://appointmentbookingpro.com/support2/an2/17169-joomla-vel.html...
J-CruiseReservation,3.0,SQL Injection
J-CruiseReservation by CMS Junkie, 3.0, SQL Injection...
JMultipleHotelReservation, 6.0.3, SQL Injection
JMultipleHotelReservation by CMS Junkie, 6.0.3, SQL Injection Resolution: Update to 6.0.4 Update notice: http://www.cmsjunkie.com/blog/joomla-hotel-reservation-6-0-4-release/...
Smart related articles, 1.1, SQL Injection and XSS
Smart related articles by Iacopo Guarneri, 1.1, SQL Injection and XSS...
Most Wanted Real Estate,1.1.0,SQL Injection
Most Wanted Real Estate, 1.1.0, SQL Injection...
OS Services Booking,2.5.1,SQL Injection
OS Services Booking by Ossolution, 2.5.1, SQL Injection Resolution: update to 2.5.2 Update notice: https://www.joomdonation.com/forum/os-services-booking/55627-os-services-booking-2-5-2-security-announcement.html...
OS Property,3.0.9,SQL Injection
OS Property,3.0.9,SQL Injection Resolution: update to 3.10.0 Update notice: https://www.joomdonation.com/forum/os-property/56774-os-property-3-0-9-security-announcement.html...
Joomloc-lite by joomloc.fr,1.3.3,SQL Injection
Joomloc-lite by joomloc.fr, 1.3.3, SQL Injection Resolution: update to 1.4.1 Update Notice URL http://www.joomloc.fr.nf/telecharger/file/joomloc-lite-free-3.html...
Google Map Store Locator by Matamko,4.0,SQL Injection
Google Map Store Locator by Matamko, 4.0, SQL Injection...
PayPal IPN for DOCman by shopfiles.com,3.1,SQL Injection
PayPal IPN for DOCman by shopfiles.com, 3.1, SQL Injection...
J-Business Directory by CMS Junkie, 4.6.8, SQL Injection
J-Business Directory by CMS Junkie, 4.6.8, SQL Injection Resolution: update to 4.7.3 Update Notice URL: http://www.cmsjunkie.com/blog/cat/news-joomla-business-directory/post/joomlabusinessdirectory4-7-3release...
Eventix Events Calendar by Informafix,1.0,SQL Injection
Eventix Events Calendar by Informafix, 1.0, SQL Injection...
Magic Deals Web by Jason Web Design,1.2.0,SQL Injection
Magic Deals Web by Jason Web Design, 1.2.0, SQL Injection...
Vehicle Manager,3.9.4,SQL Injection
Vehicle Manager by Ordasoft,3.9.4, SQL Injection Resolution: update to 3.9.5 Update Notice URL http://ordasoft.com/News/News/vehicle-manager-security-update.html...
Real Estate Manager,3.9.7,SQL Injection
Real Estate Manager by Ordasoft, 3.9.7, SQL Injection Resolution: update to 3.9.8 Update notice: http://ordasoft.com/News/News/real-estate-manager-security-update.html...
Alta User Points,1.1.7,SQL Injection
Alta User Points, 1.1.7, SQL Injection Resolution: update to 1.1.8 Update Notice URL https://www.nordmograph.com/extensions/index.php?option=comvirtuemart=productdetailsproductid=120categoryid=8=58...
BookLibrary,3.6.14,SQL Injection
BookLibrary by Ordasoft, 3.6.14, SQL Injection Resolution: update to 3.6.15 Update notice: http://ordasoft.com/News/News/book-library-security-update.html...
MediaLibrary,3.5.4, SQL Injection
MediaLibrary by Ordasoft, 3.5.4, SQL Injection Resolution: update to 3.5.5 Update notice: http://ordasoft.com/News/News/media-library-security-update.html...
MultiTier,3.1,SQL Injection
MultiTier by Beesto.com, 3.1, SQL Injection...
Street Guesser,1.1.7,SQL Injection
Street Guesser by Nordmograph,1.1.7,SQL Injection resolution: update to 1.1.8 update notice: https://www.nordmograph.com/extensions/index.php?option=comvirtuemart=productdetailsproductid=160categoryid=1=58...
UserExtranet,1.3.2,SQL Injection
UserExtranet by Beesto.com, 1.3.2 and previous, SQL Injection resolution: update to 1.3.3 update notice: http://www.beesto.com/forum/read.php?30,2085...
JO Facebook gallery,4.5,SQL Injection
JO Facebook gallery by Joomcore.com, 4.5,SQL Injection resolution: update to 4.6 Update Notice URL http://joomcore.com/news-updates/item/109-update-jo-facebook-gallery-to-version-4-6-fixed-problem-sql-injection-in-version-4-5...
Canonical Url,4.1.1,SQL Injection
Canonical Url by CMSPlugin.com, 4.1.1, SQL Injection Resolution: update to 4.2.1 Update notice: https://www.cmsplugin.com/products/components/4-canonical-url...
community quiz,4.4.1,SQL Injection
community quiz by corejoomla.com, 4.4.1, SQL Injection Resolution: update to 4.4.2 Update Notice: https://www.corejoomla.com/news/1164-community-quiz-v4-4-2-is-released.html...
Coupon manager, 3.5
Coupon manager by joomla6teen.com, 3.5, SQL Injection...
guesser, 1.0.4
guesser by bitsgeo.com, 1.0.4, SQL Injection...
Abstract manager, 2.1
Abstract manager by joomla6teen.com, 2.1, SQL Injection...
One Vote,1.1.1,SQL Injection
One Vote by advcomsys.com, 1.1.1 and previous, SQL Injection resolution: update to 1.2.2 update notice: http://www.advcomsys.com/joomla-demos...
recipe manager, 2.2
recipe manager by joomla6teen.com, 2.2, SQL Injection...
Ajax search for K2, 2.2
Ajax search for K2 by taleia.software, 2.2, SQL Injection...
[20170407] - Core - ACL Violations
Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden...
GPS Tools v4.0.1,4.0.1,SQL Injection
GPS Tools v4.0.1,4.0.1,SQL Injection Developer release statement to the vel team https://www.corejoomla.com/news/1163-gps-tools-v4-0-2-is-released.html...
[20170404] - Core - XSS Vulnerability
Inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components...
JomWall, 4.1.1,SQL Injection
JomWall version 4.1.1 and previous, SQL Injection resolution: update to 4.1.2 update notice: https://dashbite.com/news/jomwall-security-fix-new-version-4-1-2...
Joomloc-CAT, version 4.1.3, SQL injection
Joomloc-CAT, version 4.1.3, SQL injection Resolution: update to 4.2.1 Update Notice URL http://www.joomloc.fr.nf/en/downloads-products/file/joomloc-pro-channel-manager-pms.html...
JE Property Finder, 1.6.3
JE Property Finder,1.6.3,SQL Injection...
Jtag Calendar 6.2.4
JTag Calendar versions 6.2.4 and previous. Resolution: update to 6.2.5. Developer states: Fixed security issue in search functionality. Update notice: https://joomlatag.com/premium-joomla-extensions/jtag-calendar-detail.html...
hwdVideoShare,N/A
hwdVideoShare, N/A, SQL Injection. Dev statement: The hwdVideoShare comhwdvideoshare extension was retired 3 years ago, and we deleted it from the Joomla Extensions Directory. It was replaced by a completely new extension called HWDMediaShare...
Joomla Spider FAQ by Web-Dorado pre 1.3
Joomla Spider FAQ by Web-Dorado pre 1.3 ,SQLi Update to 1.3...
Virtuemart 3.0.10 and previous
XSS. Resolution: update to 3.0.12 or 2.6.22 for VM2 users. Update notice: http://virtuemart.net/news/latest-news/473-security-release-virtuemart-3-0-12 Note that developer did not inform the VEL...
joomunited SEO Glossary, pre 2.2.4, Other
joomunited SEO Glossary, pre 2.2.4, Other. Developer statement in mass email to registered users: We just fixed an SEO Glossary vulnerability, an update to version 2.2.4 is required as soon as possible. https://www.joomunited.com/changelog/seo-glossary-changelog Fix informed by user...
Easy Youtube Gallery, 1.0.2, Information Disclosure
Easy Youtube Gallery, 1.0.2, Information Disclosure...
Community Builder versions 2.1 and previous
Community Builder versions 2.1.0 and previous contain versions of 3rd party libraries with known vulnerabilities: PHPMailer and Guzzle. Release 2.1.1 updates to version 5.2.22 of PHPMailer and provides a custom fix for the Guzzle library. Developer states that this is precautionary only, and that these...
kunena,4.0.10,Information Disclosure
kunena,4.0.10,Information Disclosure Developers update link https://www.kunena.org/blog/166-kunena-4-0-11-released...
Huge IT gallery,1.1.5,SQL Injection
Huge IT gallery,1.1.5,SQL Injection resolution: update to 1.1.9...
RSMonials,2.2 and previous,XSS (Cross Site Scripting)
RSMonials, 2.2 and previous versions, XSS (Cross Site Scripting), also insecure file upload...
Kunena, 5.0.2 and newer, XSS (Cross Site Scripting)
Kunena, 5.0.2 and newer, XSS (Cross Site Scripting). Resolution: update to 5.0.5. Update notice: https://www.kunena.org/forum/announcement/id-107...
[20170401] - Core - Information Disclosure
Mail sent using the JMail API leaked the used PHPMailer version in the mail headers...
Jomres 9.8.22 and previous PHPMailer vulnerability
Jomres versions 9.8.20 and previous contain PHP Mailer library vulnerable to CVE-2016-10033. Jomres versions 9.8.22 and previous contain PHP Mailer library vulnerable to CVE-2016-10045. Resolution: update to version 9.8.24. Update notice: http://updates.jomres4.net/CHANGELOGJOMRES...