Wednesday, 03 July 2013 21:39

Joomla! ® Vulnerable Extensions List

Written by

k2, , Open folder permissions

developer release statement 2.6.7...

Wednesday, 05 December 2001 06:00

Joomdonation extensions, Information Disclosure

Written by

Joomdonation extensions, Information Disclosure

Events Booking versions before 2.1.1

Resolution: update to 2.1.1

Update notice URL: http://joomdonation.com/forum/events-booking-general-discussion/50511-events-booking-version-2-1-1-released.htmlEshop versions before 1.4.4

Resolution: update to 1.4.4

Update notice URL:...

Wednesday, 05 December 2001 06:00

joomunited SEO Glossary ,pre 2.2.4,Other

Written by

joomunited SEO Glossary , pre 2.2.4,OtherDeveloper statement in mass email to registered usersWe just fixed an SEO Glossary vulnerability, an update to version 2.2.4 is required as soon as possible.https://www.joomunited.com/changelog/seo-glossary-changelogFix informed by user...

Thursday, 08 October 2015 00:33

Jetext (abandonware), all version

Written by

Jetext

Presumed abandonware (no information about the developer) ...

Tuesday, 22 September 2015 14:30

Vnmshop (abandonware), all versions

Written by

Vnmshop extension, unknown author (probably abandonware)

All versions suspected to be vulnerable...

Wednesday, 19 August 2015 21:51

JACC,3.0.3,XSS (Cross Site Scripting)

Written by

JACC (Just Another Component Creator),3.0.3 - r199, XSS (Cross Site Scripting)

Note that the vulnerability affects Joomla components generated using this extension rather than the extension itself....

Memorix extension [com_memorix], abandonware, SQL Injection

Note: since this extension's website doesn't exist we can classify it as abandonware, until further notice....

Informations component (com_informations), any version, SQL Injection

Note: since this extension's website doesn't exist we can classify it as abandonware, until further notice....

Joomshopping module carousel by WFLab.ru [mod_jshopping_products_wfl], 1.1.2 beta and below, SQL Injection

 ...

Araticlhess Module [mod_araticlhess]/[mod_araticlhes] is a fake module, which is intended to be injected into a hacked website and remain unrecognized.

Known versions often contain only XML file (not really required) and one or more PHP files which are in fact some backdoor/hacking scripts.

It is unknown if this module ever existed...

Page 3 of 3