The Joomla! Community Portal ™

JoomlaConnect

JoomlaConnect - Security English


Recent Posts

MyBlog by Azrul, abandonware, SQLi & AFU



The MyBlog extension was developed by Azrul, whose website has been defunct for a long time.

The extension is abandonware and has multiple known vulnerabilities, such as SQL injection (SQLi) and arbitrary file upload (AFU).

Warning: no upgrade or fix exists; all versions are to be considered vulnerable and should be removed immediately.

 

J2Store by Weblogicx India, 3.1.6 and below, SQL Injections




Update: vulnerabilities fixed in version 3.1.7

Announcement: http://j2store.org/j2store-v3.html (it could be clearer that it is a security release)

 

Helpdesk Pro by Ossolution Team [com_helpdeskpro], before 1.4.0, multiple vulns




Vulnerabilities:

  • Direct Object References
  • Cross-Site Scripting
  • SQL Injection
  • Local file disclosure/Path traversal
  • File Upload

Fixed: vulnerability fixed in version 1.4.0

Developer's notice: http://joomdonation.com/forum/helpdesk-pro/48029-helpdesk-pro-1-4-0-security-released.html

 

AdsManager by Joomprod [com_adsmanager], 3.1.0 and below, arbitrary file upload



AdsManager by Joomprod [com_adsmanager], 3.1.0 and below, Other

 

[20150602] - Core - CSRF Protection



  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.4.1
  • Exploit type: CSRF Protection
  • Reported Date: 2015-April-06
  • Fixed Date: 2015-June-30
  • CVE Number: tbd

Description

Lack of CSRF checks potentially enabled uploading malicious code.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.1

Solution

Upgrade to version 3.4.2

Contact

The JSST at the Joomla! Security...

 

[20150601] - Core - Open Redirect



  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.0.0 through 3.4.1
  • Exploit type: Open Redirect
  • Reported Date: 2015-June-01
  • Fixed Date: 2015-June-30
  • CVE Number: tbd

Description

Inadequate checking of the return value allowed redirection to an external page.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.4.1

Solution

Upgrade to version 3.4.2

Contact

The JSST at the...

 

Kunena 4.0.2 XSS resolution



This version is a security release and addresses most of the important issues that were discovered in K 4.0.1.

Developer update statement: http://www.kunena.org/blog/149-kunena-4-0-2-released

Developer @kunena did not inform VEL.

 


BT Portfolio, 3.0.5 and below, Other




Resolution: update to 3.0.6 or later

Update notice: http://bowthemes.com/bt-portfolio-version-3.0.6.4.6-released.html

 

 

SimpleImageUpload by Tuts4You, 1.2 and below, Other



SimpleImageUpload by Tuts4You, 1.2, Other

 
