Project: Joomla! SubProject: All Severity: Low Versions: 1.6.0 Exploit type: Cross Site Request Forgery Reported Date: 2011-March-04 Fixed Date: 2011-March-07 Description Inadequate token checking leads to cross-site request forgery vulnerability. Affected Installs Joomla! version 1.6.0. Solution Upgrade to the latest Joomla! version (1.6.1 or later) Reported by Marius van Rijnsoever Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/3PLOZaZCAfI/339-20110308-core-csrf-vulnerability.html

Project: Joomla! SubProject: All Severity: Low Versions: 1.5.22 and earlier Exploit type: Information Disclosure Reported Date: 2010-December-08 Fixed Date: 2011-April-04 Description Inadequate error checking causes information disclosure. Affected Installs Joomla! version 1.5.22 and all previous 1.5 versions Solution Upgrade to the latest Joomla! version (1.5.23 or later) Reported by Hannes Papenberg Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/nUW1H--gCks/340-20110401-core-information-disclosure.html

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.1 and 1.6.0 Exploit type: XSS Vulnerabilities Reported Date: 2011-April-06 Fixed Date: 2011-April-14 Description Unescaped values in administrative modal windows causes potential XSS vulnerabilities. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Klas Berli? Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/u9eIwRSwBMs/343-20110404-core-xss-vulnerabilities.html

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: Clickjacking Reported Date: 2011-March-30 Fixed Date: 2011-April-14 Description Inadequate protection leads to clickjacking vulnerability. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Aung Khant, YGN Ethical Hacker Group Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/WTrB-ix3sdc/347-20110409-core-clickjacking.html

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.1 and 1.6.0 Exploit type: Information Disclosure Reported Date: 2011-March-28 Fixed Date: 2011-April-14 Description Inadequate error checking causes information disclosure. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by YGN Ethical Hacker Group Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_O4gVsC7qio/341-20110402-core-information-disclosure.html

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: XSS Vulnerabilities Reported Date: 2011-April-05 Fixed Date: 2011-April-14 Description Inadequate filtering causes XSS vulnerabilities. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/fvcotVZoFOA/345-20110406-core-xss-vulnerabilities.html

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: Unauthorised access Reported Date: 2011-March-17 Fixed Date: 2011-April-14 Description Inadequate permission checking causes potential for unauthorised access. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Elin Waring Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/1o9M0tlhwPI/346-20110407-core-unauthorised-access.html

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: SQL Injection Reported Date: 2011-March-12 Fixed Date: 2011-April-14 Description Unescaped values in query leads to SQL injection vulnerability. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by anonymous. Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/Vk8_BG8P5kY/348-20110408-core-sql-injection.html

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.1 and 1.6.0 Exploit type: Information Disclosure Reported Date: 2011-March-26 Fixed Date: 2011-April-14 Description Inadequate error checking causes information disclosure. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by High-Tech Bridge SA (Switzerland) Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/oR87K7FIE18/342-20110403-core-information-disclosure.html

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: XSS Vulnerabilities Reported Date: 2011-March-29 Fixed Date: 2011-April-14 Description Inadequate filtering causes XSS vulnerabilities. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by Jeff Channell Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/QjCzrP-PZ0M/344-20110405-core-xss-vulnerabilities.html

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.3 and all earlier 1.6.x versions Exploit type: XSS Reported Date: 2011-May-25 Fixed Date: 2011-June-27 Description Inadequate filtering leads to XSS vulnerability. Affected Installs Joomla! version 1.6.3 and all earlier 1.6.x versions Solution Upgrade to the latest Joomla! version (1.6.4 or later) Reported by Aung Khant Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/R-ukmCKF5Cc/352-20110604-xss-vulnerability.html

Project: Joomla! SubProject: All Severity: Low Versions: 1.6.3 and all earlier 1.6.x versions Exploit type: Information Disclosure Reported Date: 2011-May-25 Fixed Date: 2011-June-23 Description Inadequate filtering causes possible information disclosure. Affected Installs Joomla! version 1.6.3 and all earlier 1.6.x versions Solution Upgrade to the latest Joomla! version (1.6.4 or later) Reported by Aung Khant Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/h_vhGzywIH0/351-20110602-information-disclosure.html

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.3 and all earlier 1.6.x versions Exploit type: Unauthorised Access Reported Date: 2011-June-10 Fixed Date: 2011-June-27 Description Inadequate permission checking causes potential for unauthorised access. Affected Installs Joomla! version 1.6.3 and all earlier 1.6.x versions Solution Upgrade to the latest Joomla! version (1.6.4 or later) Reported by Mark Dexter Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/-H402HxFwzE/350-20110603-unauthorised-access.html

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.3 and all earlier 1.6.x versions Exploit type: XSS Reported Date: 2011-March-24 Fixed Date: 2011-June-27 Description Inadequate filtering leads to XSS vulnerability. Affected Installs Joomla! version 1.6.3 and all earlier 1.6.x versions Solution Upgrade to the latest Joomla! version (1.6.4 or later) Reported by Mesut Timur Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/ken4uB6ziy4/349-20110601-xss-vulnerabilities.html

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.5 and all earlier 1.6.x versions Exploit type: XSS Reported Date: 2011-July-11 Fixed Date: 2011-July-19 Description Inadequate escaping leads to XSS vulnerability. Affected Installs Joomla! version 1.6.5 and all earlier 1.6.x versions Solution Upgrade to the latest Joomla! version (1.6.6 or later) Reported by Aung Khant Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/4KDvSjZRIvs/357-20110701-xss-vulnerability.html

SQLi - Unable to locate developer. Possibly a custom extension. Feb 01 Not Known

Read more: Joomla! Documentation - Vulnerable Extensions List

Sqlreport has a sql/RFI exploit. awaiting confirmation on exact developer. Feb 20 Not Known

Read more: Joomla! Documentation - Vulnerable Extensions List

SQLi heza content 13 march 2010

Read more: Joomla! Documentation - Vulnerable Extensions List

SQLi gigcalender 13 march 2010

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI 040410

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI http://extensions.joomla.org/extensions/communities-a-groupware/project-a-task-management/5676 110410

Read more: Joomla! Documentation - Vulnerable Extensions List

http://dev.pucit.edu.pk/ 120410

Read more: Joomla! Documentation - Vulnerable Extensions List

http://dev.pucit.edu.pk/ 120410

Read more: Joomla! Documentation - Vulnerable Extensions List

http://dev.pucit.edu.pk/ 120410

Read more: Joomla! Documentation - Vulnerable Extensions List

http://dev.pucit.edu.pk/ 120410

Read more: Joomla! Documentation - Vulnerable Extensions List

http://dev.pucit.edu.pk/

Read more: Joomla! Documentation - Vulnerable Extensions List

http://dev.pucit.edu.pk/

Read more: Joomla! Documentation - Vulnerable Extensions List

http://dev.pucit.edu.pk/ 120410

Read more: Joomla! Documentation - Vulnerable Extensions List

SQL Injection http://jvehicles.com 120410

Read more: Joomla! Documentation - Vulnerable Extensions List

Sweetykeeper Local File Inclusion Vulnerability http://www.joomlacorner.com/ 120410

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI http://joomlacode.org/gf/project/jfireeagle/frs/ http://www.moto-treks.com 190410 product considered retired and to be replaced by dev

Read more: Joomla! Documentation - Vulnerable Extensions List

jnewspaper (cid) SQL Injection Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

GBU FACEBOOK SQL injection vulnerability http://www.gbugrafici.nl/gbufacebook/

Read more: Joomla! Documentation - Vulnerable Extensions List

iF surfALERT Local File Inclusion Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

Draw Root Map Local File Inclusion Vulnerability joomlacomponent.inetlanka.com

Read more: Joomla! Documentation - Vulnerable Extensions List

Multiple Map Local File Inclusion Vulnerability joomlacomponent.inetlanka.com

Read more: Joomla! Documentation - Vulnerable Extensions List

Multiple Root Local File Inclusion Vulnerability http://joomlacomponent.inetlanka.com/

Read more: Joomla! Documentation - Vulnerable Extensions List

Matamko Local File Inclusion Vulnerability 210410

Read more: Joomla! Documentation - Vulnerable Extensions List

Joomla Component ZiMB Manager Local File Inclusion Vulnerability 210410

Read more: Joomla! Documentation - Vulnerable Extensions List

Archery Scores (com_archeryscores) v1.0.6 LFI Vulnerability 210410

Read more: Joomla! Documentation - Vulnerable Extensions List

Ultimate Portfolio Local File Inclusion Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

htmlcoderhelper graphics v1.0.6 LFI Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

SmartSite com_smartsite Local File Inclusion Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

Noticeboard for Joomla "controller" Local File Inclusion Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

JE Property Finder Upload Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

RFI www.camp26.biz

Read more: Joomla! Documentation - Vulnerable Extensions List

Local File Disclosure Vulnerability Developer Update 140510

Read more: Joomla! Documentation - Vulnerable Extensions List

SQL Injection Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

http://joomlaextensions.co.in/free-download/doc_download/11-je-quotation-form.html LFI developers statement of resolution note, now known as JE Quote Form

Read more: Joomla! Documentation - Vulnerable Extensions List

XSS in LiveHelp 200510

Read more: Joomla! Documentation - Vulnerable Extensions List

Stack Ideas section Ex LFI

Read more: Joomla! Documentation - Vulnerable Extensions List

http://joomlaextensions.co.in/ LFI SQLi

Read more: Joomla! Documentation - Vulnerable Extensions List

MediQnA LFI vulnerability version : v1.1

Read more: Joomla! Documentation - Vulnerable Extensions List

http://slideshow.joomlaextensions.co.in/ SQL Injection Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

jsjobs SQL Injection Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

g2bridge LFI vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.design-joomla.eu Multiple Vul 05/06/10

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.leadya.co.il/ SQLi 050610

Read more: Joomla! Documentation - Vulnerable Extensions List

http://joomla.clubnautiquemarine.fr/ Upload Vulnerability 05/06/10

Read more: Joomla! Documentation - Vulnerable Extensions List

http://extensions.joomla.org/extensions/news-display/news-tickers-a-scrollers/8425 reports of shell scripts in download file 120610

Read more: Joomla! Documentation - Vulnerable Extensions List

http://recruitment.focusdev.co.uk Upload Vulnerability 130610

Read more: Joomla! Documentation - Vulnerable Extensions List

www.alphaplug.com LFI 180610

Read more: Joomla! Documentation - Vulnerable Extensions List

Multiple Vulnerabilities http://extensions.joomla.org/extensions/ads-a-affiliates/classified-ads/12062 180610

Read more: Joomla! Documentation - Vulnerable Extensions List

JFaq 1.2 Multiple Vulnerabilities 180610

Read more: Joomla! Documentation - Vulnerable Extensions List

Multiple Vulnerabilities http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/12504 180610

Read more: Joomla! Documentation - Vulnerable Extensions List

Multiple Vulnerabilities http://extensions.joomla.org/extensions/communication/forum/12652 180610

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.rswebsols.com/downloads/category/14-download-rsmonials-all?download=23%3Adownload-rsmonials-component XSS Exploit 190610 Believed to be 1.5.1 version

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.misterestate.com/ Blind SQL Injection Exploit 190610

Read more: Joomla! Documentation - Vulnerable Extensions List

BF Survey Pro Free SQL Injection Exploit 190610 Product marker as retired by the developer

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.turtus.org.ua/files?func=fileinfo&id=13 SQL Injection (again) 190610

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.joompolitan.com/livechat.html Multiple Remote Vulnerabilities 190610

Read more: Joomla! Documentation - Vulnerable Extensions List

http://joomclan.com/index.php/JoomDocs/ xss vulnerability 190610

Read more: Joomla! Documentation - Vulnerable Extensions List

http://jforjoomla.com/ SQLi Vulnerability 190610

Read more: Joomla! Documentation - Vulnerable Extensions List

SQL injection 190610

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.opensourcetechnologies.com/demos/real-estate.html RFI 210610

Read more: Joomla! Documentation - Vulnerable Extensions List

http://sourceforge.net/projects/date-converter/ sqli 010710

Read more: Joomla! Documentation - Vulnerable Extensions List

http://joomlacode.org/gf/project/eventcal/frs/ SQL I last update 2006-12-31 on joomlacode 040710

Read more: Joomla! Documentation - Vulnerable Extensions List

autartica.be Sqli Vulnerability 060710

Read more: Joomla! Documentation - Vulnerable Extensions List

http://joomlacode.org/gf/project/jartforms/ ArtForms 2.1b7.2 RC2 Multiple Remote Vulnerabilities 090710 Old beta extension

Read more: Joomla! Documentation - Vulnerable Extensions List

http://paymentsplus.com.au/ 2.1.5 Blind SQL Injection Vulnerability 090710 current version 2.20, 2.1.5 not listed on dev site

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.php-shop-system.com/ SQLi LFI XSS Vulnerability

Read more: Joomla! Documentation - Vulnerable Extensions List

http://waltercedric.com/ LFI and xss 090710 No longer available to download

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.schlu.net sqli 090710

Read more: Joomla! Documentation - Vulnerable Extensions List

http://extensions.joomla.org/extensions/edition/custom-code-in-content/2184 no version number provided

Read more: Joomla! Documentation - Vulnerable Extensions List

http://joomla-extensions.instantiate.co.uk/jcomponents/healthstats Persistent XSS Vulnerability july 10,2010

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.rapid-source.com Persistent XSS Vulnerability last known fix version 1.7.2 july 10,2010

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.jomtube.com/ SID 220710

Read more: Joomla! Documentation - Vulnerable Extensions List

www.webmaster-tips.net various 010710

Read more: Joomla! Documentation - Vulnerable Extensions List

Amblog SQLi 120810

Read more: Joomla! Documentation - Vulnerable Extensions List

Teams extension SQL Injection 120810

Read more: Joomla! Documentation - Vulnerable Extensions List

SQL Injection 020910

Read more: Joomla! Documentation - Vulnerable Extensions List

SID 020910

Read more: Joomla! Documentation - Vulnerable Extensions List

LFD, 777 020910

Read more: Joomla! Documentation - Vulnerable Extensions List

jphone LFI 090910

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.joomla-clantools.de/downloads/doc_download/7-clantools-123.html clantool sqli 090910

Read more: Joomla! Documentation - Vulnerable Extensions List

iJoomla Magazine 3.0.1 RFI 090910

Read more: Joomla! Documentation - Vulnerable Extensions List

http://freestyle-joomla.com/fssdownloads/viewcategory/2 Freestyle FAQ 1.5.6 ?SQL Injection

Read more: Joomla! Documentation - Vulnerable Extensions List

SQL injection pulseextensions.com 011110 developer http://demo.pulseextensions.com/flip-wall.html update notice link title

Read more: Joomla! Documentation - Vulnerable Extensions List

SQL injection pulseextensions.com 011110 developer resolution notice

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI 091110

Read more: Joomla! Documentation - Vulnerable Extensions List

ccboard XSS and SQLi 131110 on my site at [1] Please find the respective update information

Read more: Joomla! Documentation - Vulnerable Extensions List

alfurqan 1.5 sqli 151110

Read more: Joomla! Documentation - Vulnerable Extensions List

Maian Media SQLi 151110 Developer states unproven in free edition, paid/SILVER version is being upgraded. dev article

Read more: Joomla! Documentation - Vulnerable Extensions List

Jimtawl LFI 251110

Read more: Joomla! Documentation - Vulnerable Extensions List

People component http://www.ptt-solution.com/vmchk/people-component.html sqli 150111

Read more: Joomla! Documentation - Vulnerable Extensions List

SQLI http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/15367 220111 Developers resolution notice

Read more: Joomla! Documentation - Vulnerable Extensions List

B2 portfolio 1.0 SQLi pulseextensions.com 250111

Read more: Joomla! Documentation - Vulnerable Extensions List

http://com-property.com/ malicious files in script Dev update statement

Read more: Joomla! Documentation - Vulnerable Extensions List

Frontend-User-Access 3.4.1 from http://www.pages-and-items.com LFI 030211 update to Frontend-User-Access 3.4.2

Read more: Joomla! Documentation - Vulnerable Extensions List

Malicious payload in zip 230211 developer resolution notice Clean version available from joomlacode

Read more: Joomla! Documentation - Vulnerable Extensions List

RFI 230211 (repeat of 041110) v2.4.1 security fix for Joomla 1.5.x

Read more: Joomla! Documentation - Vulnerable Extensions List

Unspecified 260211 dev announcement of security release

Read more: Joomla! Documentation - Vulnerable Extensions List

jLabs Google Analytics Counter SID

Read more: Joomla! Documentation - Vulnerable Extensions List

forced 777, malicious files 250311 devs resolve statement, Changelog

Read more: Joomla! Documentation - Vulnerable Extensions List

SID, open folders 120311

Read more: Joomla! Documentation - Vulnerable Extensions List

com semantic http://www.scms.es/joomla creates hidden admin users 150311

Read more: Joomla! Documentation - Vulnerable Extensions List

SQLi ordasoft booklibrary 180311 developer upgrade instructions

Read more: Joomla! Documentation - Vulnerable Extensions List

SID. call home device with user credentials 120411 dev update notice

Read more: Joomla! Documentation - Vulnerable Extensions List

akkeba backup and joomlapack 170411 dev update to 3.2.7

Read more: Joomla! Documentation - Vulnerable Extensions List

XSS 120511 Deveopler update

Read more: Joomla! Documentation - Vulnerable Extensions List

com-docman Input Validation Error 160511 devs resolution statement, report for old version

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI com_google 080511 devs update to 1.5.1

Read more: Joomla! Documentation - Vulnerable Extensions List

flash-gallery.com xss 130511 dev release 0.5.0 statement

Read more: Joomla! Documentation - Vulnerable Extensions List

SQLi 160511

Read more: Joomla! Documentation - Vulnerable Extensions List

ID 190511

Read more: Joomla! Documentation - Vulnerable Extensions List

File Upload Vulnerability 230511

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI/RFI developer states Version 1.8

Read more: Joomla! Documentation - Vulnerable Extensions List

low-level XSS security issue 300511 Dev upgrade statement to 2.2.6

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI 0611 developer upgrade announcement to v1.1

Read more: Joomla! Documentation - Vulnerable Extensions List

SQLi developer update to 0.9.1

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI 140611 Update - Core Design Scriptegrator plugin 2.0.9 & 1.5.6

Read more: Joomla! Documentation - Vulnerable Extensions List

Cool Debate 1.03 LFI

Read more: Joomla! Documentation - Vulnerable Extensions List

sqli + ID 180611 dev security release 0.0.2

Read more: Joomla! Documentation - Vulnerable Extensions List

SQL I (not listed in JED) 020711

Read more: Joomla! Documentation - Vulnerable Extensions List

ID Contains "Call-Home" function. Sends private user information to developer. 020711 Developer states Use version 1.3.4.1

Read more: Joomla! Documentation - Vulnerable Extensions List

Creates 777 folders Atomic gallery 110711

Read more: Joomla! Documentation - Vulnerable Extensions List

sqli 1.2.11 120711 upgrade to 1.2.12

Read more: Joomla! Documentation - Vulnerable Extensions List

sqli 120711 Developers Update statement 2.1

Read more: Joomla! Documentation - Vulnerable Extensions List

SQLI - 130711 developer fix and update statement

Read more: Joomla! Documentation - Vulnerable Extensions List

SQLi - version 1.2.6 150711 1.2.7 released developer release statement 160711

Read more: Joomla! Documentation - Vulnerable Extensions List

ID multiple vulnerabilities 170711 developer release 2.1.4

Read more: Joomla! Documentation - Vulnerable Extensions List

DT - 170711 developer states The new version number v1.5r1362 resolves the problem

Read more: Joomla! Documentation - Vulnerable Extensions List

http://www.alphaplug.com/ Please contact the developer for any questions on this extension 170711 220711

Read more: Joomla! Documentation - Vulnerable Extensions List

ID - 220711 developer security release 1.5 x.25 and 1.6 x.26.

Read more: Joomla! Documentation - Vulnerable Extensions List

xss (admin permission required) 220711 updated to 5.20

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI 22071 developer update security announcement Current 2.0.1 and 1.4.x versions, are not vulnerable,

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI 230711 devloper security update notice to ver 1.9

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI 230711

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI 310711

Read more: Joomla! Documentation - Vulnerable Extensions List

DT - open folders 110811 developer resolution statement

Read more: Joomla! Documentation - Vulnerable Extensions List

Timthumb RFI 110811 developer upgrade 1.5.0 statement

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI/RFI 180811 developers resolution notice 1.0.3

Read more: Joomla! Documentation - Vulnerable Extensions List

777 Folder settings (all folders it uses are set to 777 including previously 755 locked folders) 260811 developer resolution notice

Read more: Joomla! Documentation - Vulnerable Extensions List

Numerous vulnerabilities. Website Optimizer, Pearl Group 290811

Read more: Joomla! Documentation - Vulnerable Extensions List

JCE lfi/rfi vulnerability JCE 2.0.11 and JCE 1.5.7.14 have been released

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI 300811 Developer states proper use of joomla administration/extension documentation reading

Read more: Joomla! Documentation - Vulnerable Extensions List

LFI 300811 developer advice page

Read more: Joomla! Documentation - Vulnerable Extensions List