Official Joomla! News

Joomla! Developer - Vulnerability News
  • [20100704] - Core - XSS Vulnerabilities in Back End
    • Project: Joomla!
    • SubProject: All
    • Severity: Medium
    • Versions: 1.5.19 and all previous 1.5 releases
    • Exploit type: XSS Injection
    • Reported Date: 2010-June-1
    • Fixed Date: 2010-July-15

    Description

    A back-end user can inject JavaScript in various administrator screens.

    Affected Installs

    All 1.5.x installs prior to and including 1.5.19...

  • [20100703] - Core - XSS Vulnerabilities in Back End
    • Project: Joomla!
    • SubProject: All
    • Severity: Medium
    • Versions: 1.5.19 and all previous 1.5 releases
    • Exploit type: XSS Injection
    • Reported Date: 2010-June-8
    • Fixed Date: 2010-July-15

    Description

    A back-end user can inject JavaScript in various administrator screens.

    Affected Installs

    All 1.5.x installs prior to and including 1.5.19...

  • [20100702] - Core - XSS Vulnerabilities in Back End
    • Project: Joomla!
    • SubProject: All
    • Severity: Medium
    • Versions: 1.5.19 and all previous 1.5 releases
    • Exploit type: XSS Injection
    • Reported Date: 2010-June-8
    • Fixed Date: 2010-July-15

    Description

    A back-end user can inject JavaScript in various administrator screens.

    Affected Installs

    All 1.5.x installs prior to and including 1.5.19...

  • [20100701] - Core - SQL Injection / Internal Path Exposure
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 1.5.19 and all previous 1.5 releases
    • Exploit type: Internal Path Exposure
    • Reported Date: 2010-June-10
    • Fixed Date: 2010-July-15

    Description

    A back-end user can trigger a MySQL error that shows internal path information in the error message.

    Affected Installs

    All...

  • [20100501] - Core - XSS Vulnerabilities in Back End
    • Project: Joomla!
    • SubProject: All
    • Severity: High
    • Versions: 1.5.17 and all previous 1.5 releases
    • Exploit type: XSS Injection
    • Reported Date: 2010-May-13
    • Fixed Date: 2010-May-28

    Description

    A back-end user can inject JavaScript in various administrator screens.

    Affected Installs

    All 1.5.x installs prior to and including 1.5.17...

  • [20100423] - Core - Negative Values for Limit and Offset
    • Project: Joomla!
    • SubProject: All
    • Severity: Moderate
    • Versions: 1.5.15 and all previous 1.5 releases
    • Exploit type: Information Disclosure
    • Reported Date: 2010-Feb-21
    • Fixed Date: 2010-Apr-23

    Description

    If a user entered a URL with a negative query limit or offset, a PHP notice would display...

  • [20100423] - Core - Installer Migration Script
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 1.5.15 and all previous 1.5 releases
    • Exploit type: Code upload
    • Reported Date: 2009-Dec-30
    • Fixed Date: 2010-Apr-23

    Description

    The migration script in the Joomla! installer does not check the file type being uploaded. If the...

  • [20100423] - Core - Session Fixation
    • Project: Joomla!
    • SubProject: All
    • Severity: Moderate
    • Versions: 1.5.15 and all previous 1.5 releases
    • Exploit type: Session fixation
    • Reported Date: 2010-Mar-25
    • Fixed Date: 2010-Apr-23

    Description

    The session ID is not modified when a user logs in. A remote site may be able to forward...